The folks at SecureWorks have observed a new phishing technique that uses call forwarding to route a victim's incoming phone calls to a number controlled by the attacker.

Victims are told to confirm their phone number with their bank by dialing *72 followed by a series of numbers. In the US, the sequence will cause most phones to forward all incoming calls. Once completed, the victim hears a message saying the confirmation has been successful.

The call-forwarding ruse is included in a more traditional phishing email that attempts to dupe victims into divulging credit card information and personal identification details. Successful phishing attempts allow the attackers to use the victim's credit card, then provide the victim's identification credentials in the event a banking representative calls to confirm the transaction. ®

Related stories

• Securing the world against terrorists, scammers, and thugs (17 September 2008)
• Austrian domain registrar 'aids' phishers (21 June 2007)
• DIY kits dumb down phishing (8 June 2007)
• Strange spoofing technique evades anti-phishing filters (25 May 2007)
• Exclusive So who sent you that spam? HP or Oracle? (28 March 2007)
• California cuts off aid to ID thieves (26 March 2007)
• Anatomy of an eBay scam (21 March 2007)
• Phish fighters floored by DDoS assault (20 February 2007)
• Social sites' insecurity increasingly worrisome (5 December 2006)
• eBay redirection ruse reloaded (13 November 2006)
• Phishing email poses as IRS tax refund (30 November 2005)