Consumers are being alerted to a new form of phishing known as vishing. Malicious attempts by cybercrooks to obtain other people's personal information have moved from bulk e-mail spam to voip internet phone calls. Although Secure Computing Corporation warned of this exploit over a year ago, the scam has only recently been implemented.
Wary consumers now know better than to click on e-mail links from unknown senders, so vishers have dropped links in favor of phone numbers. Using spoofed e-mail headers and camouflaged Caller ID information to make requests appear legitimate, con artists have managed to fool customers of Santa Barbara Bank & Trust, as well as PayPal members. Victims report receiving either an e-mail that appeared to originate from their institution, or a phone call claiming that their account had experienced fraudulent activity and required immediate attention. When consumers called the supplied number, an automated system, much like legitimate customer service systems, instructed the unsuspecting victims to enter their account number in order to be connected to a customer service representative.
What sets vishing apart from run-of-the-mill phishing is its reliance on voip and computers to execute the attacks. War dialers, which sequentially call numbers in a given region, are used to pull in the maximum number of potential victim in a selected area. Virtual numbers and the ability to select both area code and prefix allow criminals to come up with phone numbers that are very close to the real ones. Voip is also a much less expensive platform from which to launch these attacks.
Experts remind consumers that common sense is the best form of defense with any type of scam. If you are contacted by a company you do business with and are asked for your personal information, thank them for alerting you to the problem, hang up immediately, and then call the customer service number listed on the back of your credit card or on other verifiably genuine correspondence. If there is an actual problem, it can then easily be resolved, however if you were targeted in a vishing attempt, your information will stay secure and the institution being spoofed will now be aware that their customers are being scammed.
For more information on vishing, see voip.com's article at
http://www.voip.com/voip_articles/Phishing_Vishing.aspx