Phishers try a phone hook

By Joris Evers, CNET News.com
Friday, April 28, 2006 01:54 PM

In a new twist on phishing, fraudsters are sending out e-mail that attempt to trick people into sharing personal information over the phone.

Cloudmark, a San Francisco-based e-mail security company, said it has seen two separate attacks this week. In both cases, the spammed message warns of a problem with a bank account and instructs the recipient to dial a phone number to resolve it, the company said in a statement published Wednesday.

The caller is connected to a voice response system that is made to sound exactly like the bank's own system, Cloudmark said.

"The phone system identifies itself to the target as the financial institution and prompts them to enter account number and PIN," Cloudmark said.

"The result can be personally financially devastating," Adam O'Donnell, the senior research scientist at Cloudmark, said in the statement.

Phishing scams are prevalent and continue to proliferate. In traditional scams, miscreants try to pilfer personal information by sending spam e-mail with links to a malicious Web site, crafted to look like a site belonging to a trusted service provider. The phone scams are a new twist, made possible by cheap Internet-based telephone services, Cloudmark said.

Antispam technology can block the e-mail scams, Cloudmark said. The company urged people who do receive the messages to notify their service providers immediately. As a precaution, people should not dial phone numbers received in an e-mail message and should double-check and dial the numbers printed on ATM and credit cards instead, it advised.


WORTHWHILE?

0

0 votes
Blog

Talkback 3 comments

It's a basic security concept that you should treat any incoming information as potentially fraudulent, so when any communication with another party was initiated not by you, you can't be totally sure of the information you get. This applies to email and even phone messages. If you are contacted by any party where security is involved you should initiate the call yourself and use whatever contact information you already have verified on file to do so (use the phone number on the back of your credit card for example) instead of whatever information was provided when the other party contacted you. This applies to emails, phone calls, voicemail, text messages - anything.
Posted by Steve Prior on Friday, April 28 2006 11:29 PM

...so have a bunch of fake credit cards printed up, with a number to your specialized voice mail system and one of those "Activation" stickers on the front, with the users CC # and then get there pin number when they call in to verify the card...
Posted by JP on Saturday, April 29 2006 06:21 AM

Unfortunately when we do get 'phishing' emails and wish to take up with the organizations(mostly Banks) we fail since there is no way one can directly communicate to these Banks as they do not reveal the email IDs to which one can post such threats. i have received so many 'phishing' mails and after several attempts to inform the Banks I have given up. Wish there was some site to which one can post these.
Ravi
Posted by RAVI on Tuesday, May 09 2006 09:47 AM

Guest user

Guest user

Level: 
Joined: —
Already a member? Log in »



 

Loading...

Tech Jobs Now!

Parse XML with the StAX Java API

Java

Find out more about StAX, a pure Java API based on interfaces that can be implemented by multiple parsers, and how to use it to read and write XML documents.


Read more »


Tags

  1. acquires
  2. against
  3. antivirus
  4. attacks
  5. back
  6. by
  7. critical
  8. cyber
  9. data
  10. flaw
  11. flaws
  12. google
  13. hacked
  14. ibm
  15. internet
  16. malware
  17. microsoft
  18. online
  19. over
  20. phishing
  21. security
  22. sites
  23. software
  24. symantec
  25. threat
  26. threats
  27. uk
  28. us
  29. warns
  30. web

Today's corporate landscape ain't Sesame Street

Blog thumbnail

The reality of today's business environment is that many companies have resorted to cost-cutting measures, in a bid to brace themselves for any spillover effects from the economic downturn in..... by Eileen Yu

Read more »