Feeds

FBI rings warnings over VoIP phishing cons

'Alarming' rise in vishing

3 Big data security analytics techniques

Fraudsters are turning to VoIP systems to craft more convincing phishing attacks. The FBI's Internet Crime Complaint Centre (IC3) warned last week of an "alarming" rise in the volume of so-called vishing attacks targeting US financial institutions and consumers.

Phishing attacks commonly take the form of forged emails that attempt to trick consumers into disclosing their online banking login credentials to fraudulent sites in response to bogus warnings that prospective marks need to respond to a "security check".

Vishing (voice phishing) attacks involve variations on the theme. In both cases, prospective marks are warned that their accounts will be suspended or cancelled unless they respond.

Vishing messages, unlike traditional email phishing attacks, can arrive as a text message or phone calls in addition to email. Also, vishing attacks are designed to con concerned users into handing over credit or debit card details to fraudsters in calls routed through a cheap VoIP-based answering system.

"Recipients are directed to contact their bank via telephone number provided in the email or by an automated recording. Upon calling the telephone number, the recipient is greeted with 'Welcome to the bank of...' and then requested to enter their card number in order to resolve a pending security issue," the FBI's cybercrime clearing house reports.

One recent variant of the attack involved a text message that claimed the recipient's online bank account had expired. Prospective marks were encouraged to "renew their online bank account" by using the link provided, which directed the credulous to a mobile phone-friendly fraudulent website.

IC3 advises that since criminal methodologies are evolving, the only safe response is to be wary of all emails, telephone calls, or text messages requesting personal finance data.

Consumers with security concerns would do better to contact their banks directly using phone numbers included in statements or telephone books. Recipients of vishing attacks, or other similar hoaxes, are invited to file a complaint with IC3 via its website. ®

3 Big data security analytics techniques

More from The Register

next story
Virgin Media so, so SORRY for turning spam fire-hose on its punters
Hundreds of emails flood inboxes thanks to gaffe
A black box for your SUITCASE: Now your lost luggage can phone home – quite literally
Breakfast in London, lunch in NYC, and your clothes in Peru
AT&T threatens to pull out of FCC wireless auctions over purchase limits
Company wants ability to buy more spectrum space in auction
Turnbull leaves Australia's broadband blackspots in the dark
New Statement of Expectations to NBN Co offers get-out clauses for blackspot builds
Facebook claims 100 MEEELLION active users in India
Who needs China when you've got the next billion in your sights?
Facebook splats in-app chat, whacks brats into crack yakety-yak app
Jibber-jabbering addicts turfed out just as Zuck warned
Google looks to LTE and Wi-Fi to help it lube YouTube tubes
Bandwidth hogger needs tube embiggenment if it's to succeed
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.