Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Verification line quoted in phishing e-mails fraudulent, warns Sophos.

Sophos : 20 February, 2008  (Technical Article)
Latest wave of phishing e-mails contain fake telephone number for recipients to call to verify authenticity of "bank" originated e-mail.
IT security and control firm Sophos is warning computer users to be extra vigilant about any emails which claim to come from financial institutions, no matter how genuine the correspondence appears. The warning comes as customers of a small credit union, Kessler Federal, are being targeted with phishing emails that attempt to cash in on a phishing warning posted on the organisation's website, and entice worried customers to call a fake phone number to verify their details.

Sophos experts note that to add credibility to the phish, the cybercriminals have stuck very closely to the text used on Kessler Federal's website and have included legitimate URLs which link to official advice pages, as well as the proper email address for reporting abuse. However, the phishers did change the date, text and phone number at the bottom of the email in an attempt to solicit phone calls to the posted number.

When dialled, users are greeted with an automated voice which assures callers that they will not be asked for any personal information such as a Social Security number. It then goes on to ask for the customer's bank card number, followed by the PIN - sufficient information for the cybercriminals to steal money from the user's bank account at a cash machine, or to transfer funds to an off-shore account.

'By using genuine links in the email, the cybercriminals are making it very hard for recipients to realise this is a phish. What's more, most computer users are now wary of clicking on links and entering their details, so asking customers to call to verify their information further enhances the legitimacy of the email,' said Graham Cluley, senior technology consultant at Sophos. 'Phishing techniques are constantly evolving as the organisations and customers involved wise up to the old tricks. Plus, it's not just global brands that are being targeted - any size financial organisations is valuable to phishers providing they can make their scams seem legitimate and trick users into handing over their personal details.'

Sophos notes that this is not the first time that voice phishing (known as 'vishing') has been used to trick innocent victims' into parting with their bank details. In 2006, PayPal users were targeted by a similar scam.

'There seems to be little that financial organizations can do to stop criminals cloning their switchboards lock-stock-and-barrel,' explained Cluley. 'To combat the risks, users should learn to use the telephone number on the back of their card or go into a branch rather than trusting everything they receive via email.'

Sophos recommends that users protect themselves with a consolidated solution that can defend against the threats of spam, spyware, hackers and viruses; and that they exercise caution with unsolicited emails.
Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo