Phishers' Latest Platforms: VoIP, SMS

Symantec has also accumulated evidence that shows some phishers are collecting user names and passwords fast enough to defeat two-factor authentication number generators and are using one-time, quickly disposed URLs to avoid site blacklisting, a common anti-phishing technique.



Phishers have branched out beyond e-mail, a security researcher said, and are now exploring both VoIP and text messaging as attack avenues.

Voice over IP is attractive to identity fraudsters, said Zulfikar Ramzan of Symantec's Advanced Threat Research group, in a company blog entry Tuesday, because it's an affordable way to dial large numbers of phone numbers. Dubbed "vishing" for voice phishing, "such attacks can be conducted cheaply enough that phishers might see a sufficient return on their investment," Ramzan said. Phishers substitute phone numbers for URLs in traditional e-mailed come-ons or dial consumers directly, circumventing e-mail entirely.

Another tactic, said Ramzan, is "smishing," for SMS phishing. "A victim might receive a phone [text] message saying that he or she will be charged $x per day if a fictitious order at a particular Web site isn't cancelled," he said. "In a panic, the victim then visits the site to cancel the order [but] in the process the victim will end up with malicious software on his or her machine."

Symantec also has accumulated evidence that shows that some phishers are collecting user names and passwords fast enough to defeat two-factor authentication number generators and are using one-time, quickly disposed URLs to avoid site blacklisting, a common anti-phishing technique.

"Phishers have demonstrated that they really mean business," Ramzan said. "Their attacks have become more frequent, more varied, and quite frankly more innovative. We must continuously out-innovate them and persistently redouble our efforts."

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Email This  | 
Print  | 
RSS
More Insights
Copyright © 2020 UBM Electronics, A UBM company, All rights reserved. Privacy Policy | Terms of Service