Voice And VoIP Phishing Scams On The Rise - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


Voice And VoIP Phishing Scams On The Rise

Voice phishing is dangerous because although most Internet users won't click on a URL in an e-mail, they're quite accustomed to entering credit card or account numbers via the phone keypad.

Scammers have begun using the telephone to harvest data for use in identity theft and credit card fraud, and voice-over-IP is making it easier for them to cover their tracks.

Websense Security Labs last month reported a scam that targeted customers of Santa Barbara Bank & Trust with an e-mail alerting them to a supposed problem with their account. Instead of directing customers to click on a link, the e-mail listed a phone number for customers to call to verify their identity. When victims called the number, an automated voice-response system asked them to enter their 16-digit account numbers using the phone keypad.

And in early July, a similar scam involving bogus Paypal account security warnings attempted to trick users into providing credit card information via telephone.

Paul Henry, vice president of strategic accounts at Secure Computing, a San Jose, Calif.-based security solution provider, said voice phishing is dangerous because although most Internet users won't click on a URL in an e-mail, they're quite accustomed to entering credit-card or account numbers via the phone keypad.

"This is really an evolution of phishing and a great example of how social engineering can be used to hack a normal human process," Henry said.

Voice phishing, or "vishing," can help criminals obtain detailed credit-card data such as the expiration date and the security code located on the back of the card, he added.

Scott Holcomb, CEO of Holcomb Enterprises, a Mission Viejo, Calif.-based solution provider, said VoIP technology gives criminals the anonymity they need to carry out scams.

"With regular phones, there's a physical location that has to be reported. But for VoIP, all you need is an IP address," Holcomb said. It's also a simple process to set up a voice response system and acquire local VoIP phone numbers, he added.

Voice phishing will be difficult to keep in check because hackers already have figured out how to spoof caller ID for VoIP calls, according to Henry. "Someone could call you and forge caller ID to make it appear that the call was coming from a bank, for example," he said.

"There is very little if anything that can be done from a technology perspective [to stop voice phishing]," Henry added. "So we are going to have to start rethinking within the financial sector how long we can make it easy to establish and use credit. That, to me, is the root cause of the problem."

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
2020 State of DevOps Report
2020 State of DevOps Report
Download this report today to learn more about the key tools and technologies being utilized, and how organizations deal with the cultural and process changes that DevOps brings. The report also examines the barriers organizations face, as well as the rewards from DevOps including faster application delivery, higher quality products, and quicker recovery from errors in production.
How COVID is Changing Technology Futures
Jessica Davis, Senior Editor, Enterprise Apps,  7/23/2020
10 Ways AI Is Transforming Enterprise Software
Cynthia Harvey, Freelance Journalist, InformationWeek,  7/13/2020
IT Career Paths You May Not Have Considered
Lisa Morgan, Freelance Writer,  6/30/2020
Register for InformationWeek Newsletters
Current Issue
Special Report: Why Performance Testing is Crucial Today
This special report will help enterprises determine what they should expect from performance testing solutions and how to put them to work most efficiently. Get it today!
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll