Explore the latest news and trends  

Keep yourself up to date with one of the following options:

  • Explore more news around Spam/Phishing, Malware/Cyber-attacks and Antivirus
  • Receive news and special offers from SPAMfighter directly in your inbox.
  • Get free tips and tricks from our blog and improve your security when surfing the net.
Go

New Phishing Attack Uses Call-Forwarding Technique

A new phishing attack tricks victims into transferring their telephone calls to the attacker so that the latter can foil the efforts of a bank to identify fraud, according to researchers at SecureWorks.

The Atlanta-based security vendor found the attack this week. The attacker sends a threatening e-mail that tells the recipients that their bank needs to check out their phone numbers. If the recipient failed to confirm the number then the person's account will stand suspended. The person can confirm his/her number by dialing *72 and then another given number. This trick effectively transfers the recipients' calls to the phisher's telephone.

After this the e-mail asks the victim to update his/her personal information including bank account and Social Security numbers.

If the e-mail receiver falls in the trap, then the scammer is able to intercept all incoming calls. The scammer is able to even inform victims over phone that the verification of their account information was complete.

This type of scam has occurred for the first time, SecureWorks researcher Don Jackson said.

He explained that unlike previous phone-phishing scams, in this attack the phishers actually ask for call forwarding. The victimized bank in the case said it would call customers personally to confirm their accounts. Some phishing forums challenged if anyone could design a way to neutralize that, therefore this case was its response. SCMagazine published this, April 27 2007.

A customer who co-operates with the phisher allows him to own all the information needed to conduct fraudulent purchases, according to SecureWorks.

There was a security advise in the phishing e-mail and also tips about username and password to maintain additional security. These were to make the e-mail look authentic like many real bank pages, said Jackson. In fact, the page used a template from the bank that the phisher targeted, Jackson added.

Phishing schemes in the past had requested users to call a phone number and submit their account information but never to forward call. In 2006, a phishing e-mail urged recipients to make a phone call at a given number and key in a 16-digit card number.

Related article: New Zealand Releases Code To Reduce Spam

» SPAMfighter News - 05-05-2007

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Exchange Anti Spam Filter
Go back to previous page
Next