Enter the vishermen

Grant Gross   Today’s Top Stories   or  Other Cybercrime and Hacking Stories  

Windows Vista® Migration: What Really Happens? A Customer's Perspective Real-time collaboration and development with IBM Rational Team Concert streamlines any project Web Threats Don't Discriminate Go Green with Webroot® Perimeter Security SaaS! Getting in Compliance With Government Data Regulations By Leveraging Online Security Technology The Latest Advancements in SSL Technology Compterworld Technology Briefing: Intelligent Users Use Business Intelligence Computerworld Report- Large Enterprises Pay More for IPAM An Apple for Your Enterprise? Sign up to receive Cybercrime and Hacking Resource Alerts

July 10, 2006 (IDG News Service) -- A new kind of identity theft scam, with thieves using easy-to-obtain VoIP (voice over Internet Protocol) telephone numbers to trick Internet or telephone users, is beginning to pop up, said a cybersecurity vendor.

Related to phishing scams, the new scheme uses cheaply obtained VoIP numbers as bogus credit card or financial services telephone numbers, said Paul Henry, vice president of strategic accounts for Secure Computing Corp. The company has observed only two such scams so far, but it expects the practice to "explode," Henry said.

With Internet users being warned about clicking on hyperlinks in unsolicited e-mail, the new scam includes a phone number instead, Henry said. "It's a natural elevation of the art to move it to the telephone," he said. "People are getting nervous about clicking on links."

In phishing scams, identity thieves send e-mail that looks like it comes from a bank, credit card company or online payment service such as PayPal. The e-mail typically says the recipient's account has been compromised in some way, and it contains a link to an official-looking Web site where the recipient can enter account information.

In the new scam, which Secure Computing calls "vishing," identity thieves ask potential victims to call a phone number attached to a VoIP account, easily obtained online through services such as Skype or through retailers reselling VoIP products such as Vonage Holdings Corp., Henry said.

In one vishing case, scammers targeted PayPal users by including a telephone number in a spam e-mail. In the other case, the criminals configured an automatic telephone dialer to dial phone numbers, and when the phone was answered, played an automated recording saying their credit card has had fraudulent activity.

The recording asked the telephone customer to call a number with a spoofed caller ID related to the credit card issuer, Secure Computing said. Once users call, they are asked for personal account information.

VoIP numbers are easy to obtain anonymously, but Henry didn't fault VoIP providers for vishing scams. A larger problem is the ease of obtaining credit online or over the telephone, he said.

Consumers are comfortable with obtaining credit online or by dialing automated telephone services to get credit, but if credit-granting businesses required physical contact, phishing and vishing scams would be almost eliminated, he added.

"In today's environment, it's absurd," Henry said.

To avoid vishing scams, Secure Computing offered these pieces of advice:

• Credit card companies normally refer to customers by their full names in any communication. If an e-mail or phone call does not refer to your full name, it may be a scam.
• You should not call a telephone number provided in a phone call or an e-mail regarding possible security issues with any credit card or bank account. You should call the phone number on the back of your credit card or on your bank statement to report security concerns.
• If anyone purporting to be a credit card provider calls and requests your card number, hang up and call the phone number on the back of the credit card and report the attempt. If the call was legitimate, the credit card provider will have knowledge of it.

Reprinted with permission from

IDG.net
Story copyright 2008 International Data Group. All rights reserved.

Print this Story

Send Us Feedback

E-mail this Story

Digg this Story

Slashdot this Story

"The recent attacks in Mumbai were carried out by assailants using high tech methods. It’s just another way in which..." Read more... Read more Security posts or See all Blogs

Virtually every Windows PC at risk, says Secunia Moving to a start-up? Fasten your seatbelt In high-tech schools of the future, Facebook in class is boosted -- not banned More top stories...

Microsoft spells out Vista SP2 contents License server glitch exposes SonicWall users to e-mail security threats PC sales expected to drop as economy strikes another blow

Review: The new MacBook Air, now with extra SSD goodness Thin as ever, the latest Air offers up to twice the storage and snappy performance. Cool Stuff: Your 2008 Holiday Gift Guide We've got an array of economical, expensive, and just plain weird tech gifts for your friends and family. Massive botnet returns from the dead, starts spamming The spam-spewing 'Srizbi' botnet that was shut down two weeks ago has been resurrected and is again under criminal control, say security researchers. Elgan: Why you can't trust 'friends' on Facebook Facebook is popular and growing -- especially with criminals. Here's why they love it. Windows 7 Get the latest news, reviews and more about Microsoft's newest desktop operating system More Continuing Coverage Windows 7 Voting Technology Google's Chrome browser Economy in turmoil: Latest news and tips iPhone 3G Bill Gates moves on Windows Vista A to Z Mac A to Z 2008 Salary Survey Find wage data for 50 IT job titles. More Special Reports 2008 Premier 100 IT Leaders 2007 Premier 100 IT Leaders 2008 Best Places to Work in IT 2007 Best Places to Work in IT 2008 Salary Survey 2007 Salary Survey 2006 Salary Survey 2008 IT Forecast 2007 IT Forecast 40 Years of Computerworld Top 12 Green-IT Users The FAQs About Going Green IT Schools to Watch iPhone: One Year Later Global Mobile Your Next Data Center Management: Reinventing IT Stop Data Leaks Web 2.0 Security Surviving Disasters Managing Storage Virtualization The Lean Storage Machine Storage on Trial Can Web 2.0 Save BI? Bypass These BI Potholes All Zones Business Continuity Zone The File Data Management Zone Security Management Zone The SAS Zone Business Intelligence and Analytics Zone The Enterprise Search Zone Software as a Service Zone The Security Zone See your link here

Moving to Windows Vista: The Promise, The Reality Moving to Windows Vista: The Promise, The Reality View this exclusive webcast today! Go to the webcast  Computerworld Executive Bulletin: Building a Robust Antivirus Defense Download this Executive Bulletin (a $49.95 value) for free, compliments of MessageLabs. (Source: MessageLabs) Antivirus software alone isn't enough to prevent today's speedy, sophisticated virus attacks. Security managers should consider multitiered approaches that include behavior scanning, appliances that check e-mail for worms, and restricting user access to dangerous Web sites. Download this Executive Bulletin (a $49.95 value) for free, compliments of MessageLabs, to learn more. Download this executive briefing  White Papers Read up on the latest ideas and technologies from companies that sell hardware, software and services. The Importance of Application Management Dell Client Migration and Deployment Services Windows? Enterprise Data Protection with Symantec Backup Exec" View more whitepapers  Record Capacity for Microsoft? Exchange 2007 With VMware and IBM System x3850 M2 Download this white paper today! (Source: VMware) The more that e-mail becomes an entrenched IT infrastructure application, the more that messaging administrators face numerous--sometimes conflicting--demands in the categories of availability, flexibility and cost. Employing a virtual solution can help avoid expensive over-provisioning of server computing resources, while improving management and disaster recovery. And ultimately, it can more than double the number of supportable Exchange 2007 users, as compared to a non-virtualized environment. This whitepaper explains how to break down the scalability barrier and respond faster to your mail system needs. Download this white paper

• Virtually every Windows PC at risk, says Secunia
• Microsoft spells out Vista SP2 contents
• Moving to a start-up? Fasten your seatbelt
• More top stories 

In Security Stripping away the trappings of applications, systems and networks, information is the core asset of most organizations. Our columnist describes how asserting the importance of information governance is crucial to making that asset tangible, addressable and protected. Click here to read the latest column by Jon Espenschied

Protecting Exchange While it was once just a convenient way for employees to communicate internally, today e-mail systems like Exchange are tightly integrated with other business applications and are one of the primary methods for communicating with current and prospective customers. Protecting Exchange against costly downtime has become a top priority for more IT departments. So how do you ensure that your Exchange environment is always protected? Download this white paper now!

The Spy Files For Congress to do anything that helps protect consumers and the critical Internet infrastructure as a whole, it must pass laws that require proactive processes to protect computers, not that tell people how to deal with the resulting mess, says Ira Winkler. Click here to read the latest column by Ira Winkler