Original URL: http://www.theregister.co.uk/2006/06/26/voice_phishing/
Say Hello to voice phishing
Give it up after the tone
Posted in ID, 26th June 2006 12:01 GMT
Free whitepaper – Reshaping IT
Hi-tech fraudsters have begun using recorded telephone messages in a bid to trick users into handing over confidential account information. The tactic has been adopted as a variant of recently detected phishing attacks targeting customers of the Santa Barbara Bank & Trust.
The attack begins with a spoofed email message (commonly with the subject line "Message 156984 Client's Details Confirmation (Santa Barbara Bank & Trust"). Instead of seeking to persuade users to visit a bogus website, these emails direct them towards phoning a number in Southern California.
When potential marks dial the phone number, a recording [1] requests that they enter their account number.
Net security firm Websense notes [2] that the recorded message does not mention the Santa Barbara Bank & Trust, a sign that the same phone line is potentially being lined up for fraudulent attacks targeting the customers of other online banks or ecommerce firms. ®