Feeds

Fax-back phishing scam targets PayPal

Retro racket

The Essential Guide to IT Transformation

Phishers have gone retro with a scam that tries to dupe victims into faxing their banking details to fraudsters. Scam emails, (screengrab) which pose as messages from online payment outfit Paypal, urge users to fax back account information instead of the more usual tactic of handing over details to a bogus website.

Would-be victims are told the information is needed to investigate an alleged security breach involving an attempt to reset their password (have the lads from Lagos developed a sense of irony here?). The scam email points to a Microsoft Word document on a Polish website. Recipients are instructed to download and complete with their bank account details (including PIN information), credit card numbers and login details before faxing back to what ostensibly appears to be a freephone number in the US. Sophos has confirmed that the telephone number mentioned in the emails is hosting an active fax machine. It's unclear whether the phone is actually located in the States or is being redirected elsewhere.

Sophos has reported the scam emails to eBay and is awaiting a response. "The phishing gang may have made a huge blunder by including the fax number in their scam. PayPal and the authorities are sure to follow that lead when investigating this matter further," said Graham Cluley, senior technology consultant for Sophos. "In the last few days we have seen a number of attempts by phishers to use this technique, and it's possible that some people who know that they need to be careful about entering their confidential information on a bogus website may think that completing and faxing back such a form is somehow safer."

He added that the change in tactics by phishers was likely an experiment possibly prompted by the effect of greater public awareness on response rates to conventional phishing scams. ®

Build a business case: developing custom apps

More from The Register

next story
14 antivirus apps found to have security problems
Vendors just don't care, says researcher, after finding basic boo-boos in security software
'Things' on the Internet-of-things have 25 vulnerabilities apiece
Leaking sprinklers, overheated thermostats and picked locks all online
iWallet: No BONKING PLEASE, we're Apple
BLE-ding iPhones, not NFC bonkers, will drive trend - marketeers
Only '3% of web servers in top corps' fully fixed after Heartbleed snafu
Just slapping a patched OpenSSL on a machine ain't going to cut it, we're told
Multipath TCP speeds up the internet so much that security breaks
Black Hat research says proposed protocol will bork network probes, flummox firewalls
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Israel's Iron Dome missile tech stolen by Chinese hackers
Corporate raiders Comment Crew fingered for attacks
Tor attack nodes RIPPED MASKS off users for 6 MONTHS
Traffic confirmation attack bared users' privates - but to whom?
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Maximize storage efficiency across the enterprise
The HP StoreOnce backup solution offers highly flexible, centrally managed, and highly efficient data protection for any enterprise.