Internet marketing resources, ecommerce web site design tutorials and  just for fun - free cell phone ringtones!
  Taming the Beast - quality web marketing and ecommerce development services

Vishing – VOIP phishing scams

Posted by Michael Bloch in online world (Tuesday July 11, 2006 )

I guess nothing is sacred or untouchable to the bottom feeders of the web. It was only a matter of time before VOIP (Voice Over IP) was exploited by phishers. Welcome to the newest trick in the fraudster bag – “vishing”.

The easy accessibility to VoIP technology combined with the tendency for people to be manipulated through social engineering tactics has proved to be just too tempting for some of the online world’s sociopathic element.

Here’s how the vishing scams work:

The fraudster, via a VoIP service provider, uses auto-dialer software to call all the phone numbers in an area. If a call is answered, then a recorded message plays stating that the person’s credit card has been compromised and that they should call another number to rectify the issue.

When the person calls that number (also hosted by a VoIP service), they are greeted by another recorded message, instructing them to verify their account by entering their credit card number.

Done and dusted – the fraudster has all the details they need to create havoc – the person’s telephone number, the name of the person (using a reverse lookup on the number) and their credit card details. Ouch. You can read more about this particular vishing scam here.

A similar scam is being run on PayPal customers too. In that scenario, the “alert” comes via email and directs the person to call a number. As with the other scam, the person is then instructed by a computer generated voice to enter their credit card details. You can see a copy of the vishing email and listen to the recorded message here (Sophos press release).

While that press release doesn’t mention a VoIP connection, I’m assuming that the number/s being used in the PayPal scam have been garnered through one of the many VoIP companies that have sprung up in recent times. For example, I’m based in Australia, but through the VoIP provider I use, I also have a USA number – it’s very easy to set up and very cheap to maintain. It’s an incredibly handy service; such a shame to see the technology being abused in this way.

The fraudster would simply use a stolen identity and credit card number to open a VoIP “phone” account. No doubt the phone number wouldn’t remain active for long once it’s reported; but they’d just then open another account with different ID and card details in order to continue their vishing spree. It will be interesting what the VoIP providers do to combat the vishing issue. I’m thinking that they’ll need to monitor their networks for accounts that are calling out to a succession of numbers rapidly.

The floodgates are now open, let’s hope they shut them quick – otherwise it won’t be just the telemarketers we’ll be battling while trying to eat our dinner.


Learn more about VoIP (Voice over Internet Protocol)


Comments for Vishing – VOIP phishing scams

No comments yet.

Sorry, the comment form is closed at this time.