By ANDREW LAVALLEE
For some time, banks and credit-card companies have been warning computer users about so-called phishing emails that link to counterfeit Web sites where customers are asked to enter their account numbers and other personal information.
Now, savvy con artists are adding a new twist dubbed "vishing."
Customers of Santa Barbara Bank & Trust recently received emails telling them that their accounts with the company's online banking system had been disabled after the bank detected unauthorized access. They were told to dial a telephone number (with a local, Southern California area code) where an automated voice prompted them to enter their account numbers, personal-access codes and other details. It's not clear who was on the other end of the phone line, but it wasn't Santa Barbara Bank & Trust.
The incident was among the latest in a string of vishing, or voice phishing, attacks. Security experts say such schemes are made possible by Internet-telephone services, which allow computer users to quickly establish phone numbers, often without undergoing some of the verification checks used by traditional telephone companies. Also, Internet phone companies dole out numbers with a choice of area code, regardless of where in the country -- or world -- the user is located. That can make it much more difficult to locate fraudsters.
The Federal Bureau of Investigation said it has traced the Santa Barbara scheme to computers inside and outside the U.S., but so far hasn't made any arrests. The phone number has been deactivated.