Wednesday, April 26, 2006

Phishing Leverages VoIP in New Scam Model

Cara Garretson writes on NetworkWorld:

Small businesses and consumers aren’t the only ones enjoying the cost savings of switching to VoIP; according to messaging security company Cloudmark, phishers have begun using the technology to help them steal personal and financial information over the phone.

Earlier this month, Cloudmark trapped an e-mailed phishing attack in its security filters that appeared to come from a small bank in a big city and directed recipients to verify their account information by dialing the included number (the Cloudmark user who received the e-mail and alerted the company knew it was a phishing scam because he’s not a customer at this bank).

Usually phishing scams are e-mail messages that direct unwitting recipients to a Web site to capture their personal or financial information. But because much of the public is learning not to visit the Web sites these messages try to direct them to, phishers believe asking recipients to dial a phone number instead is novel enough that people will do it, says Adam O’Donnell, senior research scientist at Cloudmark.

And that’s where VoIP comes in. By simply acquiring a VoIP account, associating it with a phone number and backing it up with an interactive voice recognition system and free PBX software running on a cheap PC, phishers can build phone systems that appear as elaborate as those used by banks, O’Donnell says. “They’re leveraging the same economies that make VoIP attractive for small businesses,” he says.

More here.

0 Comments:

Post a Comment

<< Home