Thursday, February 28, 2008

Vishing - The Newest Weapon for Phishing

As Internet users learn not to divulge confidential information on websites, phishers move to new, uncharted territories. Their newest weapon is called “vishing”, as in “Voice Phishing”. It relies on Internet telephony to trick users to hand over their private data.

People trust phone transactions more than they trust the Internet, because the traceability and cost of landline or cellular phone service make mass phone fraud impractical. Moreover, vishing mimics the legitimate ways people interact with their financial institutions - one that has been touted as being safer. After all, many institutions advise calling by phone when in doubt. So victims are more likely to respond without hesitation to a vishing trap.

But VoIP service has brought together the Internet and telephone worlds, and makes such attacks easy and more cost-effective.

Internet-based phone companies make it easy to obtain an anonymous account and to handle large call volumes at little cost.

Inexpensive software lets thieves create an interactive voice response system that sounds exactly like the one your bank uses—even matching the on-hold music.

Traditional anti-phishing tools cannot easily detect a false telephone number within an email text, so protection against vishing is up to the user.

How to protect yourself

Common sense is the only true universal weapon when ID theft is involved!

Never respond to an email or voice mail that asks you to go to a website or to call a phone number to resolve an account problem. These are never legitimate.

If there is any question, call the merchant or institution at a number you know is genuine - either one found on the regular website (after having entered the address yourself!) or in the Yellow Pages.

Recent Comments