Phishers Snare Victims With VoIP - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
News

Phishers Snare Victims With VoIP

The recipient is asked to dial a telephone number to talk with a "bank representative," but then is asked to leave personal information on an answering machine. It's the first time VoIP has been used in this fashion, a security vendor says.

A security firm on Tuesday reported discovering a phishing scheme in which the scammers used Internet telephony to copy a bank's automated voice system in order to steal customers' passwords, account numbers and other personal information.

In the attack that occurred last week, con artists sent spam disguised as coming from a small bank in a large East Coast city, Cloudmark Inc., a messaging security firm, said. The message asked the recipient to dial a telephone number to talk with a bank representative.

The number went to an automated voice system that asked for an account number and personal identification number, or PIN, in order to access the caller's finances. The number was obtained through a regular provider of voice over Internet protocol services.

There was no indication that the VoIP provider was aware of the scam, said Cloudmark, which declined to name the company and the spoofed bank.

The incident reflected a mutation in the tactics used by phishers to snare victims. More traditional schemes involve spam asking the recipient to visit their bank's Web site through a link in the message. At the bogus site, the visitor is asked to input personal information.

The latest scheme, however, is the first Cloudmark has seen using Internet telephony. An investigation by the San Francisco security firm showed that the scammers had used open-source software called Asterisk to convert a computer into a PBX, or private branch exchange, running an automated telephone information system. The voice system sounds exactly like the bank's phone tree, directing the caller to specific extensions, Adam J. O’Donnell, senior research scientist at Cloudmark, said.

O'Donnell believes it's likely the phishers were using virus-infected computers that had been commandeered to take calls over the Internet.

The use of VoIP is a natural mutation of phishing, since it involves Internet technologies that crooks operating on the Web are familiar with, O'Donnell said. In addition, obtaining a VoIP telephone number is easy and inexpensive and calls can be directed to any IP address. In the latest attack, the phishers used the same pitch in the emails, but used three different telephone numbers.

"Through the economics of using VoIP, phishers reap the same benefits of any small business," O'Donnell said.

It's not known how popular VoIP technology will become with phishers. That would depend on how successful it is at trapping victims

"This is very early on, and we haven't seen a spike," O'Donnell said. "Our main purpose at this point is to tell consumers before they fall victim."

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
The State of Cloud Computing - Fall 2020
The State of Cloud Computing - Fall 2020
Download this report to compare how cloud usage and spending patterns have changed in 2020, and how respondents think they'll evolve over the next two years.
News
Top 10 Data and Analytics Trends for 2021
Jessica Davis, Senior Editor, Enterprise Apps,  11/13/2020
Commentary
Where Cloud Spending Might Grow in 2021 and Post-Pandemic
Joao-Pierre S. Ruth, Senior Writer,  11/19/2020
Slideshows
The Ever-Expanding List of C-Level Technology Positions
Cynthia Harvey, Freelance Journalist, InformationWeek,  11/10/2020
Register for InformationWeek Newsletters
Video
Current Issue
Why Chatbots Are So Popular Right Now
In this IT Trend Report, you will learn more about why chatbots are gaining traction within businesses, particularly while a pandemic is impacting the world.
White Papers
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll