Hi-tech fraudsters have begun using recorded telephone messages in a bid to trick users into handing over confidential account information. The tactic has been adopted as a variant of recently detected phishing attacks targeting customers of the Santa Barbara Bank & Trust.

The attack begins with a spoofed email message (commonly with the subject line "Message 156984 Client's Details Confirmation (Santa Barbara Bank & Trust"). Instead of seeking to persuade users to visit a bogus website, these emails direct them towards phoning a number in Southern California.

When potential marks dial the phone number, a recording requests that they enter their account number.

Net security firm Websense notes that the recorded message does not mention the Santa Barbara Bank & Trust, a sign that the same phone line is potentially being lined up for fraudulent attacks targeting the customers of other online banks or ecommerce firms. ®