Phishers are taking advantage of the inexpensive Voice over Internet Protocol (VoIP) services and lure victims to fraudulent automated call centers, inforworld
When referring to a phisher we normally think of the thieves that email their victims, trying to trick them into revealing personal information on fake web sites. But instead of telling victims to click on a web link, this attack asks users to verity account information on a bogus customer support number.
"Part of the danger here is just the fact that it is novel," said Adam O'Donnell, Senior Research Scientist at Cloudmark, an email filtering company in San Francisco. "Most people are pretty comfortable calling to a phone number that they think is their bank's."
So far these phone phishing attacks have not been common. Cloudmark first detected them in mid-April and they stopped after continuing on a very limited scale for about three days. "It looks like a single scammer doing a proof of concept," O'Donnell thinks.
Cloudmark intercepted about a total of 1,000 of these phishing messages, a small number considering that Cloudmark's email filtering service is used by approximately 100 million customers' mailboxes.
However, the phishing attacks caught Cloudmark's attention because they use a telephone number, which was served by a small U.S.-based VoIP carrier. This made them some of the first to leverage the cost savings of VoIP, O'Donnell said.
VoIP services are attracting phishers because they allow customers to set up numbers anywhere in the globe. The costs are low for thieves to set up a phony professional line, given they can also be combined to a telephone software.
Spammers have already been taking advantage of this inexpensive technology, using phone numbers instead of web sites in their email solicitations, but this was the first time Cloudmark had seen the approach used by phishers, he said.
O'Donnell refused to reveal the name of the regional U.S. financial institution that was affected by these attacks.