Phishers try a phone hook

By Joris Evers, CNET News.com
Friday, April 28, 2006 01:54 PM

In a new twist on phishing, fraudsters are sending out e-mail that attempt to trick people into sharing personal information over the phone.

Cloudmark, a San Francisco-based e-mail security company, said it has seen two separate attacks this week. In both cases, the spammed message warns of a problem with a bank account and instructs the recipient to dial a phone number to resolve it, the company said in a statement published Wednesday.

The caller is connected to a voice response system that is made to sound exactly like the bank's own system, Cloudmark said.

"The phone system identifies itself to the target as the financial institution and prompts them to enter account number and PIN," Cloudmark said.

"The result can be personally financially devastating," Adam O'Donnell, the senior research scientist at Cloudmark, said in the statement.

Phishing scams are prevalent and continue to proliferate. In traditional scams, miscreants try to pilfer personal information by sending spam e-mail with links to a malicious Web site, crafted to look like a site belonging to a trusted service provider. The phone scams are a new twist, made possible by cheap Internet-based telephone services, Cloudmark said.

Antispam technology can block the e-mail scams, Cloudmark said. The company urged people who do receive the messages to notify their service providers immediately. As a precaution, people should not dial phone numbers received in an e-mail message and should double-check and dial the numbers printed on ATM and credit cards instead, it advised.


WORTHWHILE?

0

0 votes
Blog

Talkback 3 comments

It's a basic security concept that you should treat any incoming information as potentially fraudulent, so when any communication with another party was initiated not by you, you can't be totally sure of the information you get. This applies to email and even phone messages. If you are contacted by any party where security is involved you should initiate the call yourself and use whatever contact information you already have verified on file to do so (use the phone number on the back of your credit card for example) instead of whatever information was provided when the other party contacted you. This applies to emails, phone calls, voicemail, text messages - anything.
Posted by Steve Prior on Friday, April 28 2006 11:29 PM

...so have a bunch of fake credit cards printed up, with a number to your specialized voice mail system and one of those "Activation" stickers on the front, with the users CC # and then get there pin number when they call in to verify the card...
Posted by JP on Saturday, April 29 2006 06:21 AM

Unfortunately when we do get 'phishing' emails and wish to take up with the organizations(mostly Banks) we fail since there is no way one can directly communicate to these Banks as they do not reveal the email IDs to which one can post such threats. i have received so many 'phishing' mails and after several attempts to inform the Banks I have given up. Wish there was some site to which one can post these. Ravi
Posted by RAVI on Tuesday, May 09 2006 09:47 AM


Tech Jobs Now!

Search for your ideal tech job:

News from Countries/Region

Common ways IT wastes money on development

Web Development

Examples include using developers as support staff and failing to calculate a project's ROI before giving it the go-ahead.


Read more »



  • Enterprise 2.0

    Vince Casarez, vice president of product management at Oracle, explains how Web 2.0 technologies, such as tags, wikis, and mash-ups, can be applied within an organization.
    Play video


  • Nehalem Architecture

    What makes next-generation Intel® Microarchitecture (Nehalem) such a superior successor?
    Play video

 
On demand CRM goes strategic
CRM technology has come of age, and is now able to align with your customer strategy and grow in step with your business.

» Learn more about Oracle’s CRM Solutions


Free the untapped potential of your IT infrastructure
Reduce bottlenecks to drive the efficiency and productivity of Business IT.
» Ultimate virtualization blade
» Scalable SAN solution
» Accelerate service delivery

Could this be the most critical budget for India?

Blog thumbnail

For business journalists in India, budget time is excitement time. It's like sports journos covering the Olympics. As a newspaper correspondent, I too had my fill of budget-time excitement. But..... by Swati Prasad

Read more »

Tags

  1. attack
  2. bank
  3. blog
  4. data security
  5. e - mail
  6. hacking
  7. internet
  8. malware
  9. microsoft corp.
  10. network
  11. network security
  12. pc security
  13. researcher
  14. security
  15. security management
  16. software
  17. spam and phishing
  18. u.s.
  19. viruses and worms
  20. web