Phishers turn to VoIP

There is growing evidence that Internet criminals are abusing Voice over IP services, rather than email

Cheaply available Voice over IP (VoIP) numbers and Net calling are helping crooks launch new data-thieving scams, a security company has warned.


In a twist on phishing, fraudsters are now calling their intended victims instead of emailing them. The caller hears an automated message that warns of a problem with a bank account, said Secure Computing, a maker of security appliances, in a statement on Monday.


The message includes instructions to call a phone number to resolve the issues. That number connects the caller to a voice-response system asking the consumer to enter their 16-digit credit card number, Secure Computing said.


The fraudsters are likely to use stolen identities to set up a voice-response system and acquire local VoIP phone numbers, according to Secure Computing, which dubbed the new way of scamming "vishing".


Phishers have already been sending out emails that attempt to trick people into sharing personal information over the phone, instead of via a Web site, the traditional scam.


Cybercrooks are also using cell phones as a way to bait victims. In the UK and Iceland, SMS (short message service) text messages were used to lure people to a malicious Web site that installed a backdoor, according to F-Secure, a Finnish antivirus company.


Criminals are becoming better organised and moving to more sophisticated tactics to get their hands on confidential data and turn the PCs of unwitting users into bots, or compromised PCs commandeered by remote attackers, law-enforcement officials said recently.


Phishing is one of the most common threats. In May, just over 20,000 phishing Web sites — a new record — were reported to the Anti-Phishing Working Group. Phishing is aimed at tricking a computer user into giving up sensitive information such as a credit card or Social Security number.


"Consumers need to be extra-vigilant when giving out their information on the phone," Paul Henry, vice president of strategic accounts for Secure Computing, said in the statement about vishing. "Common sense is the first line of protection."


To avoid falling for a vishing scheme or any scam that involves calling a supposed bank number, never call a number provided in a phone call or an email. Only call the number on the back of your card or on a bank statement.



Related Links:

• Go back to category Internet & Networks to read more reviews and articles.
• Go back to Software Magazine's main page.