Tuesday, May 09, 2006

Phishing Leaps to Next Level With VoIP

Same old scams, new technology to use to do it. BEWARE!!

A security firm on Tuesday reported discovering a phishing scheme in which the scammers used spam disguised as coming from a small bank in a large East Coast city, Cloudmark Inc., a messaging security firm, said. The message asked the recipient to dial a telephone number to talk with a bank representative.

The number went to an automated voice system that asked for an account number and personal identification number, or PIN, in order to access the caller's finances. The number was obtained through a regular provider of voice over Internet protocol services.

There was no indication that the VoIP provider was aware of the scam, said Cloudmark, which declined to name the company and the spoofed bank.

The incident reflected a mutation in the tactics used by phishers to snare victims. More traditional schemes involve spam asking the recipient to visit their bank's private branch exchange, running an automated telephone information system. The voice system sounds exactly like the bank's phone tree, directing the caller to specific extensions, Adam J. O’Donnell, senior research scientist at Cloudmark, said.

O'Donnell believes it's likely the phishers were using virus-infected computers that had been commandeered to take calls over the Internet.

The use of VoIP is a natural mutation of phishing, since it involves Internet technologies that crooks operating on the Web are familiar with, O'Donnell said. In addition, obtaining a VoIP telephone number is easy and inexpensive and calls can be directed to any IP address. In the latest attack, the phishers used the same pitch in the emails, but used three different telephone numbers.

"Through the economics of using VoIP, phishers reap the same benefits of any small business," O'Donnell said.

It's not known how popular VoIP technology will become with phishers. That would depend on how successful it is at trapping victims "This is very early on, and we haven't seen a spike," O'Donnell said.

"Our main purpose at this point is to tell consumers before they fall victim."

By
Antone Gonsalves

0 Comments:

Post a Comment

Links to this post:

Create a Link

<< Home