"Typically phishers email their victims, trying to lure them into revealing sensitive information on bogus websites. But instead of telling victims to click on a Web link, this attack asks users to verity account information on a phony customer support number.
"Part of the danger here is just the fact that it is novel," senior research scientist with Cloudmark, Adam O'Donnell, said. "Most people are pretty comfortable calling to a phone number that they think is their bank's."
-
As far as I can tell the "voip" "use" is to make the phisher's phone appear to be a US phone, which the victim is supposed to call - remember they tell you only give out your information if YOU place the call?!
Other insights into how to spot this phish?