Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > VOIP > phish by VoIP

Reply
Thread Tools

phish by VoIP

 
 
Rick Merrill
Guest
Posts: n/a
 
      05-02-2006
"Typically phishers email their victims, trying to lure them into
revealing sensitive information on bogus websites. But instead of
telling victims to click on a Web link, this attack asks users to verity
account information on a phony customer support number.

"Part of the danger here is just the fact that it is novel," senior
research scientist with Cloudmark, Adam O'Donnell, said. "Most people
are pretty comfortable calling to a phone number that they think is
their bank's."

http://fraudwar.blogspot.com/2006/04...r-victims.html
Fraud, Phishing and Financial Misdeeds: Using VoIP to Phish for Victims

- http://www.arnnet.com.au/index.php/i...75;fp;2;fpid;1


As far as I can tell the "voip" "use" is to make the phisher's phone
appear to be a US phone, which the victim is supposed to call - remember
they tell you only give out your information if YOU place the call?!

Other insights into how to spot this phish?
 
Reply With Quote
 
 
 
 
Wolfgang S. Rupprecht
Guest
Posts: n/a
 
      05-02-2006

Rick Merrill <(E-Mail Removed)> writes:
> "Part of the danger here is just the fact that it is novel," senior
> research scientist with Cloudmark, Adam O'Donnell, said. "Most people
> are pretty comfortable calling to a phone number that they think is
> their bank's."


Hopefully something good will come of this. It is amazing how much
information folks give to complete strangers over the phone.

I recall a few years ago when I got a snail mail message from a credit
card company about a newly issued credit card. The message was call
us *NOW* at this number. The implication was they were worried about
fraud. The person I talked to was very annoyed when I refused to give
my "mother's maiden name", ssn, card expiration date etc. "But you
called us sir. You know who you called." I pointed out I had no idea
who I called. All I knew was the person I called had access to a
laser printer and could generate a reasonable-looking letter from a
credit card company. Unless they could validate themselves to me I
wasn't giving them any private information. They of course threatened
to turn off the card and I pointed out that would work as validation.
If I noticed that card stopped working I'd call them back. They
finally decided that form of validation wasn't in their interest
either.

The problem still remains, unless one only calls the credit card
company's phone numbers physically printed on the card, one has
nothing to validate them by. They really need to fix that.

-wolfgang
--
Wolfgang S. Rupprecht http://www.wsrcc.com/wolfgang/
 
Reply With Quote
 
 
 
 
Rick Merrill
Guest
Posts: n/a
 
      05-02-2006
Wolfgang S. Rupprecht wrote:

> Rick Merrill <(E-Mail Removed)> writes:
>
>>"Part of the danger here is just the fact that it is novel," senior
>>research scientist with Cloudmark, Adam O'Donnell, said. "Most people
>>are pretty comfortable calling to a phone number that they think is
>>their bank's."

>
>
> Hopefully something good will come of this. It is amazing how much
> information folks give to complete strangers over the phone.
>
> I recall a few years ago when I got a snail mail message from a credit
> card company about a newly issued credit card. The message was call
> us *NOW* at this number. The implication was they were worried about
> fraud. The person I talked to was very annoyed when I refused to give
> my "mother's maiden name", ssn, card expiration date etc. "But you
> called us sir. You know who you called." I pointed out I had no idea
> who I called. All I knew was the person I called had access to a
> laser printer and could generate a reasonable-looking letter from a
> credit card company. Unless they could validate themselves to me I
> wasn't giving them any private information. They of course threatened
> to turn off the card and I pointed out that would work as validation.
> If I noticed that card stopped working I'd call them back. They
> finally decided that form of validation wasn't in their interest
> either.
>
> The problem still remains, unless one only calls the credit card
> company's phone numbers physically printed on the card, one has
> nothing to validate them by. They really need to fix that.
>
> -wolfgang


If you will share the phone number you called, I can pass it along to
the Postal Inspectors who are checking into this sort of thing.
 
Reply With Quote
 
Wolfgang S. Rupprecht
Guest
Posts: n/a
 
      05-02-2006

Rick Merrill <(E-Mail Removed)> writes:
> If you will share the phone number you called, I can pass it along to
> the Postal Inspectors who are checking into this sort of thing.


Actually, I do believe it *was* my credit card company. The person
did eventually open up a bit and tell me which purchase I had made
that sent up a red flag. We both cautiously read some of the digits
of the purchase to each other. In this way we both did manage to make
sure that each of us was looking at my last bill.

It would be good if there were a more official way for the user and
the credit card company to mutually authenticate each other.

Although, come to think of it, there is still the possibility that the
scammer uses voip and 3-way calls the real credit card company. This
way they can record all the validation information and use it at a
later time for some mischief of their own.

-wolfgang
--
Wolfgang S. Rupprecht http://www.wsrcc.com/wolfgang/
 
Reply With Quote
 
Bill Kearney
Guest
Posts: n/a
 
      05-03-2006
> The problem still remains, unless one only calls the credit card
> company's phone numbers physically printed on the card, one has
> nothing to validate them by. They really need to fix that.


Indeed, tell the card holder to call the number listed on their card and
then a specific extension to route them right to the proper call center.

But good point, don't just call someone back because they claim to be from a
given organization, check the numbers you've already got FIRST.

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off




Advertisments