phish by VoIP

"Typically phishers email their victims, trying to lure them into revealing sensitive information on bogus websites. But instead of telling victims to click on a Web link, this attack asks users to verify account information on a phony customer support number.

"Part of the danger here is just the fact that it is novel," senior research scientist with Cloudmark, Adam O'Donnell, said. "Most people are pretty comfortable calling to a phone number that they think is their bank's."

Phishing and Financial Misdeeds: Using VoIP to Phish for Victims


As far as I can tell the "voip" "use" is to make the phisher's phone appear to be a US phone, which the victim is supposed to call - remember they tell you only give out your information if YOU place the call?!

Other insights into how to spot this phish?

Rick Merrill

Hopefully something good will come of this. It is amazing how much information folks give to complete strangers over the phone.

I recall a few years ago when I got a snail mail message from a credit card company about a newly issued credit card. The message was call us *NOW* at this number. The implication was they were worried about fraud. The person I talked to was very annoyed when I refused to give my "mother's maiden name", SSN, card expiration date, etc. "But you called us sir. You know who you called." I pointed out I had no idea who I called. All I knew was the person I called had access to a laser printer and could generate a reasonable-looking letter from a credit card company. Unless they could validate themselves to me I wasn't giving them any private information. They of course threatened to turn off the card and I pointed out that would work as validation. If I noticed that card stopped working I'd call them back. They finally decided that form of validation wasn't in their interest either.

The problem still remains: unless one only calls the credit card company's phone numbers physically printed on the card, one has nothing to validate them by. They really need to fix that.

-wolfgang

Wolfgang S. Rupprecht

If you will share the phone number you called, I can pass it along to the Postal Inspectors who are checking into this sort of thing.

Rick Merrill

Actually, I do believe it *was* my credit card company. The person did eventually open up a bit and tell me which purchase I had made that sent up a red flag. We both cautiously read some of the digits of the purchase to each other. In this way we both did manage to make sure that each of us was looking at my last bill.

It would be good if there were a more official way for the user and the credit card company to mutually authenticate each other.

Although, come to think of it, there is still the possibility that the scammer uses VoIP and 3-way calls the real credit card company. This way they can record all the validation information and use it at a later time for some mischief of their own.

-wolfgang

Wolfgang S. Rupprecht

Indeed, tell the card holder to call the number listed on their card and then a specific extension to route them right to the proper call center.

But good point: don't just call someone back because they claim to be from a given organization; check the numbers you've already got FIRST.

Bill Kearney
