Sunday, July 09, 2006

Vishing - a twist to phishing

It appears that a new method of phising is beginning to appear on the horizon, and chances are, likely to explode in the coming months.

Internet users are a bit more wary these days of clicking embedded links in emails so these scamming scounderels are beginning to use phone numbers (typically obtained via a VoIP service provider) to provide a level of comfortability for potential victims. Users are being emailed and asked to call a telephone number to "verify their account information" and, according to news reports, another variation is to configure an automatic phone dialler to dial a list of numbers, and if there is an answer, playback a recorded message saying the users cards had been compromised and to call a supplied telephone number. Call this number and you get asked for various personal information to "verify your account information". And there goes your account.......

This twist to phishing has potential to become a major problem. People tend to be more comfortable speaking on the phone than emailing, and this is the incentive behind using voice calls as a medium. VoIP accounts provide cheap calling rates, and some providers eg. in the US, may also provide free or 1cent domestic calls which leads to this being a viable tool for scammers. No point blaming the VoIP providers, as the onus really is on the user to exercise caution. Having said that, it may be time for VoIP providers to ask for suitable identification before allocating phone numbers.

No comments: