New Vishing Scams Rise at an Alarming Pace
Trend Micro, a vendor for security services, on June 13, 2008, said that the continuous rise in vishing frauds in which spam mails are sent to steal users' confidential financial information are making users more skeptical and defensive.
The researchers disclosed that such assaults are continuously rising in number. Moreover, ever since vishing was noted in 2006, it escalated to such a level in January 2008 that the FBI mentioned about it in an Internet Crime Center advisory.
The IC3 has been receiving several reports about different forms of this scam called 'vishing.' Further, the attacks that target the US financial organizations and consumers keep on rising at a alarming rate.
Vishing scam operates quite similar to phishing by enticing consumers via spam mails to reveal their Personally Identifiable Information (PII), claiming that their account could be suspended, restrained or terminated. The spam message in the scam asks the recipients to get in touch with their bank using a phone number given in the e-mail.
But on calling the given number, a message saying, "Welcome to the bank of..." greets the recipient followed by a request for his/her card number to help resolve an apparent security problem. Vishing assaults also seem to follow the nature of Website hacks and sophisticated phishing techniques as they use malicious toolkits to send the vishing-related spam.
SmssmtpSender is one such toolkit that is used for vishing and SMS spamming, said Donald Smith at SANS Internet Storm Center as he came across this kit, as reported by TrendMicro on June 13, 2008.
SmssmtpSender comprised several separate tools combined into a single kit to compromise, regulate and control users' computers to send out spam via compromised accounts that originally had feeble passwords.
Meanwhile, Trend Micro's Researchers observe that vishing attacks, which are hard to track down because of the nature of VoIP, are now being launched on large scales with the use of' sophisticated attacking techniques.
Hence, as precaution, consumers should call financial institutions only at numbers provided in their bank statements or on their cards obtained from the bank in addition to updating their security software.
Related article: New Zealand Releases Code To Reduce Spam
» SPAMfighter News - 01-07-2008