Feeds

FBI rings warnings over VoIP phishing cons

'Alarming' rise in vishing

Intelligent flash storage arrays

Fraudsters are turning to VoIP systems to craft more convincing phishing attacks. The FBI's Internet Crime Complaint Centre (IC3) warned last week of an "alarming" rise in the volume of so-called vishing attacks targeting US financial institutions and consumers.

Phishing attacks commonly take the form of forged emails that attempt to trick consumers into disclosing their online banking login credentials to fraudulent sites in response to bogus warnings that prospective marks need to respond to a "security check".

Vishing (voice phishing) attacks involve variations on the theme. In both cases, prospective marks are warned that their accounts will be suspended or cancelled unless they respond.

Vishing messages, unlike traditional email phishing attacks, can arrive as a text message or phone calls in addition to email. Also, vishing attacks are designed to con concerned users into handing over credit or debit card details to fraudsters in calls routed through a cheap VoIP-based answering system.

"Recipients are directed to contact their bank via telephone number provided in the email or by an automated recording. Upon calling the telephone number, the recipient is greeted with 'Welcome to the bank of...' and then requested to enter their card number in order to resolve a pending security issue," the FBI's cybercrime clearing house reports.

One recent variant of the attack involved a text message that claimed the recipient's online bank account had expired. Prospective marks were encouraged to "renew their online bank account" by using the link provided, which directed the credulous to a mobile phone-friendly fraudulent website.

IC3 advises that since criminal methodologies are evolving, the only safe response is to be wary of all emails, telephone calls, or text messages requesting personal finance data.

Consumers with security concerns would do better to contact their banks directly using phone numbers included in statements or telephone books. Recipients of vishing attacks, or other similar hoaxes, are invited to file a complaint with IC3 via its website. ®

Intelligent flash storage arrays

More from The Register

next story
Download alert: Nearly ALL top 100 Android, iOS paid apps hacked
Attack of the Clones? Yeah, but much, much scarier – report
Broadband sellers in the UK are UP TO no good, says Which?
Speedy network claims only apply to 10% of customers
Virgin Media struck dumb by NATIONWIDE packet loss balls-up
Turning it off and on again fixes glitch 12 HOURS LATER
Yahoo! blames! MONSTER! email! OUTAGE! on! CUT! CABLE! bungle!
Weekend woe for BT as telco struggles to restore service
Fujitsu CTO: We'll be 3D-printing tech execs in 15 years
Fleshy techie disses network neutrality, helmet-less motorcyclists
Facebook, working on Facebook at Work, works on Facebook. At Work
You don't want your cat or drunk pics at the office
Soz, web devs: Google snatches its Wallet off the table
Killing off web service in 3 months... but app-happy bonkers are fine
prev story

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
10 threats to successful enterprise endpoint backup
10 threats to a successful backup including issues with BYOD, slow backups and ineffective security.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
The hidden costs of self-signed SSL certificates
Exploring the true TCO for self-signed SSL certificates, including a side-by-side comparison of a self-signed architecture versus working with a third-party SSL vendor.