Lame phone dodgers fleece finance's foolish and fat fingered
A hundred top US finance companies targeted
Scammers are attempting to fleece a hundred top US financial companies by registering phone numbers close to those in use by the firms, engineer Scott Strong says.
Of some 600 top financial institutions across the US, 103 or about 20 percent had scammers register their numbers with only the last few digits altered in a bid to conceal identity fleecing exploits.
Strong of Pindrop Security said scammers would place calls to victims and masquerade as a bank phone operator to retrieve identity information.
"There is a high likelihood that numbers that are very similar to financial institution numbers are being obtained by fraudsters [who are] scamming people calling the wrong number or who are calling customers," Strong told Vulture South.
"They're not immediately taking money from clients on the call, what they are doing is taking information that may be piece together with other data they have for defrauding at a later time."
"If you've responded to one of their voicemails, you've moved yourself up their attack lists."
The company began examine the fraud after a US credit union client discovered four nearby numbers that were used to fleece customers.
The unnamed credit union worked with its telco to shutter the number.
It was unknown how much cash had been fleeced from victims in the so-called misdial trap or what became of the identity information the crooks steal.
It was a small but novel part of a wider fraud that cost the US an estimated $2 billion a year.
Attackers were spread across the world with spoofed gateways likely in use in the UK and similar countries, and there appeared to be no clear organisation between the groups.
While the fraudsters were enjoying what might be the most basic fleecing since Oliver Twist emptied pockets, they would be out of business in short order if financial firms tested neighbouring numbers for misdial traps.
"Literally just call the numbers," Strng said. "If they pick up and claim to be your organisation, well then it's pretty-well certain they're fraudsters and you should call your telco." ®
Sponsored: Becoming a Pragmatic Security Leader