From The Front End - ZDNet Edition
My ZDNet version of my blog. Will feature news my mad opinions and relevant posts or partial quotes from my blog - http://www.fromthefrontend.co.uk
Topics: Wed Standards, Tools and Services for Designers, Photography and graphics, Accessibility and other Front-End Webdesign related info.
Tuesday 3 April 2007, 3:29 PM
Vishing: Phising goes VoIP
Most of us have heard of "Phising". Scammers send out mass emails pretending to be from a bank or other financial institution advising of a problem with your account and providing a link to where you can login and rectify the issue. The link is of course to a website set up by the scammer where they will record all the login information you provide so they can then go and clean out your bank account.
More and more people have become wise to this trick and the newest internet Browsers even have built-in (or plugin) tools to warn you when you visit such a site.
Scammers have not given up and have moved to VoIP as the next weapon in their arsenal. Similar official looking emails are being sent out but rather than providing a link to a website, that can be flagged by your browser or you might be too savvy to click, they provide a phone number to call. The number may even appear to be freephone or local to your area.
When calling the number it connects you to a computer running VoIP software ready to record your every button press or response. An automated message will ask you to verify your identity by asking account numbers or dates of birth until they have enough information to get into your real bank account.
Some scammers have taken advantage of the cheap calls possible via VoIP and are setting their systems to auto-dial numbers and cold call for information via a recorded message. Some even do the calling manually themselves.
If you get an email or call and are unsure whether it's genuine look up your banks contact details on their official website and call them via their listed number rather than the one provided. Also bear in mind that if there is a real security issue with your account your bank will never contact you with a pre-recorded message.
You may even want to give some false information to see if the caller/automated message picks up on it. If it carries on and doesn't advise that incorrect details have been provided then you know you aren't dealing with your bank. You should report any vishing attempts made on you to your bank.
As with all internet and phone use - be careful who you give your details to.
