Cybercriminals learn to vish

Computer users in the US have reported a new security threat using Voice over IP (VoIP) as part of a phishing scam.

By Daniel Stanton. Published July 26, 2006

Computer users in the US have reported a new security threat using Voice over IP (VoIP) as part of a phishing scam. Known as ‘vishing’, the scheme involves targeting VoIP users with emails purporting to be from their bank and asking them to call a telephone number because there are problems with their account.

Callers to the number hear a recorded message which asks them to key in their account number. Using a programme that recognises telephone keystrokes, the criminals are then able to capture the caller’s account information. There are reported to have been two vishing attacks on AOL users in the last week.

Justin Doo, regional manager, Trend Micro Middle East and North Africa, said: “Phone phishing has been around for quite some time, even if it was not called vishing. These scams were used even before the internet was popular.

“What we are seeing now is the same old trick, but supported by modern technology, so more potential victims could be reached.”

He added: “For me, the banks have to increase their safeguards – it’s their responsibility to protect their users through proper challenge/reply systems and two-factor authentication.”

Doo suggested that online banks should require customers to use tokens or smart cards as part of their authentication process.

The use of VoIP may be more effective than email in criminal schemes, since it is extremely difficult to tell from which location the call is coming.

“People have been used to phishing attacks on email, so they would tend to disregard them,” said Asem Galal, general manager for McAfee in the UAE, Kuwait, Qatar and Egypt.

“The problem with VoIP is that in many cases you can’t tell who is calling you. Sometimes it’s easily hackable as well, so you can pretend to be somewhere else.”
