Feeds

FBI rings warnings over VoIP phishing cons

'Alarming' rise in vishing

Providing a secure and efficient Helpdesk

Fraudsters are turning to VoIP systems to craft more convincing phishing attacks. The FBI's Internet Crime Complaint Centre (IC3) warned last week of an "alarming" rise in the volume of so-called vishing attacks targeting US financial institutions and consumers.

Phishing attacks commonly take the form of forged emails that attempt to trick consumers into disclosing their online banking login credentials to fraudulent sites in response to bogus warnings that prospective marks need to respond to a "security check".

Vishing (voice phishing) attacks involve variations on the theme. In both cases, prospective marks are warned that their accounts will be suspended or cancelled unless they respond.

Vishing messages, unlike traditional email phishing attacks, can arrive as a text message or phone calls in addition to email. Also, vishing attacks are designed to con concerned users into handing over credit or debit card details to fraudsters in calls routed through a cheap VoIP-based answering system.

"Recipients are directed to contact their bank via telephone number provided in the email or by an automated recording. Upon calling the telephone number, the recipient is greeted with 'Welcome to the bank of...' and then requested to enter their card number in order to resolve a pending security issue," the FBI's cybercrime clearing house reports.

One recent variant of the attack involved a text message that claimed the recipient's online bank account had expired. Prospective marks were encouraged to "renew their online bank account" by using the link provided, which directed the credulous to a mobile phone-friendly fraudulent website.

IC3 advises that since criminal methodologies are evolving, the only safe response is to be wary of all emails, telephone calls, or text messages requesting personal finance data.

Consumers with security concerns would do better to contact their banks directly using phone numbers included in statements or telephone books. Recipients of vishing attacks, or other similar hoaxes, are invited to file a complaint with IC3 via its website. ®

Security and trust: The backbone of doing business over the internet

More from The Register

next story
Brit telcos warn Scots that voting Yes could lead to HEFTY bills
BT and Co: Independence vote likely to mean 'increased costs'
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
New 'Cosmos' browser surfs the net by TXT alone
No data plan? No WiFi? No worries ... except sluggish download speed
Radio hams can encrypt, in emergencies, says Ofcom
Consultation promises new spectrum and hints at relaxed licence conditions
Turnbull: NBN won't turn your town into Silicon Valley
'People have been brainwashed to believe that their world will be changed forever if they get FTTP'
Blockbuster book lays out the first 20 years of the Smartphone Wars
Symbian's David Wood bares all. Not for the faint hearted
Bonking with Apple has POUNDED mobe operators' wallets
... into submission. Weve squeals, ditches payment plans
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.