» Scammers Use VoIP in Phishing Spam AttemptTelecommunications Industry News

Telecom News Editorials Reports Glossary

Scammers Use VoIP in Phishing Spam Attempt

6:20 am on April 27, 2006 | Category: VoIP

Security firm, Cloudmark Inc., has recently discovered a new internet phishing scam, which uses VoIP technology to steal bank account numbers and other private information.

The scheme occurred last week, and involved a spam email disguised as coming from a small bank in the eastern U.S. The email asked readers to dial a special telephone number, which lead to an automated voice system asking for personal information, including a bank account number and PIN.

The phone numbers used in this scam were obtained through a VoIP provider, and although Cloudmark has no reason to suspect that the provider cooperated with the scam, the use of a VoIP number makes it virtually impossible to track down the culprits.

In this case, the scammers used an open-source software application called Asterisk to turn an ordinary computer into a PBX (Private Branch Exchange), running an automated voice system that duplicated the bankâ€™s phone tree.

Phishing has traditionally been done purely through the web, but a voice-based version of the scam is a natural mutation in many ways, and may command more trust amongst unsuspecting victims. Whether or not this type of scam becomes a mainstream problem will likely depend on its success at tricking recipients.

“This is very early on, and we haven’t seen a spike,” said Cloudmark senior research scientist, Adam J. Oâ€™Donnell. “Our main purpose at this point is to tell consumers before they fall victim.”

Telecommunications Industry News