Thieves use VoIP for new phishing attack

• Google Phone back on sale
• FryUp: It's a kind of Magic
• Engineers hit the streets over Chorus subcontracts
• International capacity blamed for NZ broadband constraints
• ICT education reform hailed as biggest change in 20 years

 

The evolution of laughter and violence
Zoologists have identified signs of laughter in apes from tickling them. According to the researchers, from Portsmouth University, efforts to trace the origin of laughter - which they say evolved over the past 10 milllion to 16 million years -...
> more from Blog

• ANZ group on platform to conquer
• Doctor in the house
• The demise of the offshore captive centre
• The true cost of Microsoft SharePoint
• What your IT budget says about your company's value

SUBSCRIPTIONS

Computerworld is New Zealand's only specialised information systems fortnightly.

Subscribe now for $97.50 (24 issues) and save more than 60% off the cover price!

NEWSLETTERS

Get the latest news from Computerworld delivered via email.
Sign up now

NEWSFEED

Subscribe to Computerworld's
RSS newsfeed here and get news stories as they break.

• Two decades in IT — it's all about connectivity
• Hackers stealing PBX phone minutes to on-sell cheap
• SHARK TANK
• When voice becomes data, threats abound
• New VoIP-based phishing scam popping up
• Internet Exploder; Yahoo user tracking

Typically phishers email their victims, trying to lure them into revealing sensitive information on bogus websites. But instead of telling victims to click on a web link, this attack asks users to verify account information on a phony customer support number.

"Part of the danger here is just the fact that it is novel," says Adam O'Donnell, senior research scientist with Cloudmark, an email filtering company in San Francisco. "Most people are pretty comfortable calling to a phone number that they think is their bank's."

To date the phone phishing attacks have not been widespread. Cloudmark first started seeing these attacks in mid-April and they stopped after continuing on a very limited scale for about three days. "It looks like a single scammer doing a proof of concept," O'Donnell says.

In total, Cloudmark intercepted about 1,000 of these phishing messages, a small number considering that Cloudmark's email filtering service is used to filter mail for about 100 million mailboxes, O'Donnell says.

However, the attacks caught Cloudmark's attention because of its use of a telephone number, which was served by a small US-based VoIP carrier. This made them some of the first to leverage the cost savings of VoIP, O'Donnell says.

VoIP services are appealing because they allow customers to set up numbers anywhere in the globe. And because they can be combined with telephone software like the open-source Asterisk PBX (Private Branch Exchange) product, it can be inexpensive for thieves to set up a professional-sounding line.

"Getting a traditional phone number is high-cost," says O'Donnell. "With VoIP, the barrier to entry is significantly lowered."

Spammers have already been taking advantage of these low costs, using phone numbers instead of web sites in their email solicitations, but this was the first time Cloudmark had seen the approach used by phishers, he says.

O'Donnell declined to name the regional East Coast financial institution that was targeted in this attack.