The Register ®

Biting the hand that feeds IT

The Register » Security » ID »

Original URL: http://www.theregister.co.uk/2006/06/26/voice_phishing/

Say Hello to voice phishing

By John Leyden
Published Monday 26th June 2006 12:01 GMT

Hi-tech fraudsters have begun using recorded telephone messages in a bid to trick users into handing over confidential account information. The tactic has been adopted as a variant of recently detected phishing attacks targeting customers of the Santa Barbara Bank & Trust.

The attack begins with a spoofed email message (commonly with the subject line "Message 156984 Client's Details Confirmation (Santa Barbara Bank & Trust"). Instead of seeking to persuade users to visit a bogus website, these emails direct them towards phoning a number in Southern California.

When potential marks dial the phone number, a recording (http://www.websense.com/securitylabs/images/alerts/june_vishing.wav) requests that they enter their account number.

Net security firm Websense notes (http://www.websense.com/securitylabs/alerts/alert.php?AlertID=534) that the recorded message does not mention the Santa Barbara Bank & Trust, a sign that the same phone line is potentially being lined up for fraudulent attacks targeting the customers of other online banks or ecommerce firms. ®

© Copyright 2008