Phishing by Phone

Internet scam artists are now using the telephone to breach your privacy and your bank accounts and it seems to be working. Last week the FBI's Internet Crime Complaint Center raised the alarm about the increasing number of phishing attacks that are using a combination of email and telephone. (Source: computerworld.com)

The use of the telephone in these schemes is a departure from the email-only type of phishing assault and is catching many companies and individuals unawares. In the past, typical email phishing scams have involved making various representations via email and asking users to respond by email or by clicking through to a specific web site. For example, users may be told that their bank account access has been suspended pending verification. The user is instructed to then verify their account by going to a bogus bank's site and re-entering their account number and access code. Most Internet-savvy users are now wise to this approach and readily recognize the poor grammar used in these emails, or the phony URL's they are being directed toward.

However, the new schemes are multi-media. Now, an unsuspecting user may receive an official-looking email that informs them that their account access has been restricted and then directs them to call a certain telephone number to re-activate their account. When they call, they are greeted with a genuine-sounding automated attendant who then transfers them to an agent. The agent, under the guise of verifying their account information extracts the necessary account and code information from the user. This approach seems to be working, given that credit card users have come to expect the need to enter their account numbers into the phone and to answer security questions prior to engaging a representative.

These combined telephone and email scams are becoming more prevalent because VoIP telephony is both easy to access and inexpensive. It is also difficult to trace; the automated telephone attendant software needed to set up credible call reception in these scams is equally accessible and inexpensive. The ready availability of these technologies is spawning a new wave of creative cyber-crime. (Source: businessweek.com)

Just because it looks like your bank, talks like your bank, and walks like your bank, no longer means that it is your bank. The best way to be sure is to never deal with unsolicited incoming calls or click through to unsolicited emails. If you receive an email or telephone call from "your bank", call them back by looking up the number on your own.