James Middleton

July 11, 2006

Vishing threat emerges

Consumers are being warned of a new communications fraud lurking online that uses voice to con them out of money and personal details.

According to US-based Secure Computing Corporation, phishing attacks have now evolved into phone scams and have earned the moniker ‘vishing’ scams.

Secure Computing, which has tracked online news and discussion groups to better understand the tactic, says the new method exploits the low cost of VoIP and combines it with the social engineering aspects of phishing.

The technique fools the victim into thinking they have received a call from their bank or credit card company. In fact, it’s a digital voice-response system routed through an internet phone company.

The victim will hear a message which includes instructions to call a phone number to resolve the problems. That number connects the caller to a voice response system asking the consumer to enter their 16-digit credit card number, Secure Computing said.

The route of a vishing scam:

The cybercriminal configures a war dialler (sequentially dials regional phone numbers) to call phone numbers in a given region.

When the phone is answered, an automated recording is played to alert the consumer that their credit card has had fraudulent activity and the consumer should call the following phone number immediately: (xxx) xxx-xxxx. The phone number could be an 800 number or a regional telephone number, often with a spoofed caller ID for the financial company they are pretending to represent.

When the consumer calls the number, it is answered by a typical computer generated voice that tells the consumer they have reached account verification and instructs the consumer to enter their 16-digit credit card number on the key pad.

Once the consumer enters their credit card number, the visher has all of the information necessary to place fraudulent charges on the consumer’s card: Telephone number, full name and address, credit card number.

The call can then be used to harvest additional details such as security PIN, expiration date, date of birth, bank account number, etc.

Vishers have begun sending out emails that attempt to trick people into sharing personal information and have them dial fake numbers.

Paul Henry, vice president of strategic accounts for Secure Computing, said in a statement: “Consumers need to be extra vigilant when giving out their information on the phone. Common sense is the first line of protection.”
