Vishing Used to Con Users by Phishers

As per security providers, hackers have become fairly skilled in exploiting the recent technology for spreading malevolent codes. Their current attack focuses on effectively utilizing the major recognition of Voice over IP (VoIP) to purloin private data.

A warning given by security provider Sophos on February 21, 2008, notifies computer users to be particularly alert about messages that allege to have been sent by financial organizations, irrespective of how authentic the e-mail seems.

Sophos informs that a spammed-out message has been found professing to be a phishing alert from Kessler Federal Credit Union of the US, requesting receivers to give a call to a particular telephone number. As soon as the receiver phones to a given number, instead of opening a link, to confirm his private information, he gets caught in the phishers' trap.

Analysts at Sophos observe that to lend authenticity to the trick, phishers have adhered very carefully to the text utilized on Kessler Federal's site and have also incorporated genuine URLs, which connect to official advisories along with the correct e-mail address for notifying abuse. However, the cyber criminals haven't altered the date, content and telephone number given below of the message in order to request telephone calls to the displayed phone number.

Sophos' Senior Technology Consultant, Graham Cluley, told that phishing methods are continuously changing because the concerned companies and consumers discover the earlier ploy. Moreover, it's not only international brands that are being attacked, every type of financial institution is important to phishers, if they can make the phishing appear genuine and deceive consumers into passing on their private data, as reported by infoZine on February 21, 2008.

According to Cluley, financial institutions seem helpless in preventing switchboards lock-stock and barrel from copying by the phishers. To fight the threats, customers should call up the phone number given on the backside of their card or visit a branch instead of believing all they get through e-mail.

Sophos also mentions that this isn't the single instance of voice phishing or "vishing" practiced to deceive naive targets to give its banking information. An identical scam hit PayPal customers in 2006.

Related article: Vishing Scams could Target US Consumers, Warns IC3

» SPAMfighter News - 2/28/2008