News
News
7/19/2006
10:23 AM
Connect Directly
RSS
E-Mail
50%
50%

Phishing Via VoIP On Rise

Voice phishing--or "vishing"--is particularly dangerous because although most Internet users won't click on a URL in an e-mail, they're quite accustomed to entering their credit card or account numbers through a phone keypad.

Scammers have begun using the telephone to harvest data for use in identity theft and credit card fraud, and VoIP is making it easier for them to cover their tracks.

Websense Security Labs, San Diego, in June reported a scam that targeted customers of Santa Barbara Bank & Trust with an e-mail alerting them to a supposed problem with their account. Instead of directing them to click on a link, the e-mail listed a phone number for customers to call to verify their identity. When the victim called the number, a fake automated voice response system set up by the scammers asked them to enter their 16-digit account number using the phone keypad.

Earlier this month, a similar scam involving bogus Paypal account security warnings attempted to trick users into providing credit card information via telephone.

Voice phishing—or "vishing"—is dangerous because although most Internet users won't click on a URL in an e-mail, they're quite accustomed to entering their credit card or account number through a phone keypad, said Paul Henry, vice president of strategic accounts for security vendor Secure Computing, San Jose, Calif.

"This is really an evolution of phishing and a great example of how social engineering can be used to hack a normal human process," Henry said. Vishing can help criminals obtain detailed credit card data for use in identity theft, such as expiration dates and the three-digit security codes on the back of most credit cards, he added.

Scott Holcomb, CEO of Holcomb Enterprises, a Mission Viejo, Calif.-based solution provider, says VoIP technology gives criminals the anonymity they need to carry out scams. "With regular phones, there's a physical location that has to be reported, but for VoIP, all you need is an IP address," Holcomb said. It's also a simple process to set up a voice response system and acquire local VoIP phone numbers, he said.

Jay Cuthrell, CTO at Digitel, an Atlanta-based solution provider, said when criminals call their victims, they're using VoIP providers to display bogus caller ID information that matches the actual names and numbers of banks and credit card companies. "In some cases, the vishing caller ID could look more professional than what some call centers currently send," Cuthrell said.

However, Jim Wyborny, president of ExpedIT Solutions, a Carrollton, Texas-based solution provider, doesn't think scammers are leveraging VoIP to remain anonymous. "There would be a potential for the same, if not more, tracking if these are actually VoIP phones. There has to be a public IP address out there somewhere pointing to them," he said.

There is very little that can be done from a technology perspective to stop voice phishing, and solutions will have to come from elsewhere, Henry said. "We are going to have to start rethinking within the financial sector how long we can make it easy to establish and use credit. That, to me, is the root cause of the problem," he said.

Comment  | 
Print  | 
More Insights
The Business of Going Digital
The Business of Going Digital
Digital business isn't about changing code; it's about changing what legacy sales, distribution, customer service, and product groups do in the new digital age. It's about bringing big data analytics, mobile, social, marketing automation, cloud computing, and the app economy together to launch new products and services. We're seeing new titles in this digital revolution, new responsibilities, new business models, and major shifts in technology spending.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest - July 22, 2014
Sophisticated attacks demand real-time risk management and continuous monitoring. Here's how federal agencies are meeting that challenge.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.