Vishing Evolves In The Scam Ecosystem using VoIP

Consumers are being alerted to a new form of phishing known as vishing. Malicious attempts by cybercrooks to obtain other people's personal information have moved from bulk e-mail spam to voip internet phone calls. Although Secure Computing Corporation warned of this exploit over a year ago, the scam has only recently been implemented.

Wary consumers now know better than to click on e-mail links from unknown senders, so vishers have dropped links in favor of phone numbers. Using spoofed e-mail headers and camouflaged Caller ID information to make requests appear legitimate, con artists have managed to fool customers of Santa Barbara Bank & Trust, as well as PayPal members. Victims report receiving either an e-mail that appeared to originate from their institution, or a phone call claiming that their account had experienced fraudulent activity and required immediate attention. When consumers called the supplied number, an automated system, much like legitimate customer service systems, instructed the unsuspecting victims to enter their account number in order to be connected to a customer service representative.

What sets vishing apart from run-of-the-mill phishing is its reliance on voip and computers to execute the attacks. War dialers, which sequentially call numbers in a given region, are used to pull in the maximum number of potential victim in a selected area. Virtual numbers and the ability to select both area code and prefix allow criminals to come up with phone numbers that are very close to the real ones. Voip is also a much less expensive platform from which to launch these attacks.

Experts remind consumers that common sense is the best form of defense with any type of scam. If you are contacted by a company you do business with and are asked for your personal information, thank them for alerting you to the problem, hang up immediately, and then call the customer service number listed on the back of your credit card or on other verifiably genuine correspondence. If there is an actual problem, it can then easily be resolved, however if you were targeted in a vishing attempt, your information will stay secure and the institution being spoofed will now be aware that their customers are being scammed.

For more information on vishing, see voip.com's article at http://www.voip.com/voip_articles/Phishing_Vishing.aspx
Posted on Jul 24, 2006  Reviews | Share |  Digg
Filed in:
All comments require the approval of the site owner before being displayed.

Post a Comment

Please use a valid e-mail address. Your address will not be publicly visible and is only a means for us to contact you when asked. Thank you.

Name
E-mail
(will show your gravatar icon)
Home page

Comment (Some html is allowed: )  

Enter the code shown (prevents robots):




  All brand, company, and product names are trademarks or registered trademarks of their
  respective owners. © 2012 VoIP Monitor. All rights reserved. Privacy Policy  Terms