Original URL: http://www.theregister.co.uk/2006/06/26/voice_phishing/
Say Hello to voice phishing
Give it up after the tone
Posted in ID, 26th June 2006 12:01 GMT
Free whitepaper – Managing operating systems and applications with the new Dell Management Console
Hi-tech fraudsters have begun using recorded telephone messages in a bid to trick users into handing over confidential account information. The tactic has been adopted as a variant of recently detected phishing attacks targeting customers of the Santa Barbara Bank & Trust.
The attack begins with a spoofed email message (commonly with the subject line "Message 156984 Client's Details Confirmation (Santa Barbara Bank & Trust"). Instead of seeking to persuade users to visit a bogus website, these emails direct them towards phoning a number in Southern California.
When potential marks dial the phone number, a recording (http://www.websense.com/securitylabs/images/alerts/june_vishing.wav) requests that they enter their account number.
Net security firm Websense notes (http://www.websense.com/securitylabs/alerts/alert.php?AlertID=534) that the recorded message does not mention the Santa Barbara Bank & Trust, a sign that the same phone line is potentially being lined up for fraudulent attacks targeting the customers of other online banks or ecommerce firms. ®