Secure Computing engineers have been tracking news group sites and open disclosure discussion groups that have been buzzing with talk about a new technique called "vishing." This new method exploits the low cost of VoIP and combines it with the social engineering aspects of phishing to extract financial information from unsuspecting credit card and banking customers.
The scam is a telephone based version of phishing, hence the name vishing. This new technique enables cyber criminals to harvest details of the 3 digit CVV (Card Verification Value) security code, expiry date and other essential ID information in addition to the customer's card and account numbers. The visher can use a stolen identity to set up a digital voice-response system through an Internet phone company. It is also possible that the phone number listed in the vish is routing calls to another number which could be anywhere in the world.
"Although vishing is not yet a problem in the Middle East because of the restricted use of VoIP, consumers need to be made aware of this new threat as it hits the UK," said Sami Mulla, Director, Middle East, Secure Computing. "Like most other social engineering exploits, vishing relies upon the 'hacking' of a common procedure that fits within the victim's comfort zone. Specifically, this methodology takes advantage of what has become a normal practice for credit card users in many countries. It is a normal procedure when calling a credit card provider to be asked to enter your 16-digit credit card number before given the opportunity to speak to a credit card representative. Consumers need to be extra vigilant when giving out their information on the phone."
Vishing scams often follow a familiar process. The cyber criminal configures a war dialler (sequentially dials regional phone numbers) to call phone numbers in a given region. When the phone is answered, an automated recording is played to alert the consumer that their credit card has had fraudulent activity and the consumer should call the following phone number immediately (xxx) xxx-xxxx. The phone number could be an 800 number or a regional telephone number often with a spoofed caller ID for the financial company they are pretending to represent.
When the consumer calls the number, it is answered by a typical computer generated voice that tells the consumer they have reached account verification and instructs the consumer to enter their 16-digit credit card number on the key pad. Once the consumer enters their credit card number, the visher has all of the information necessary to place fraudulent charges on the consumer's card. The call can then be used to harvest additional details such as security PIN, expiry date, date of birth and bank account number.
"Anyone who is called by a bank should take the appropriate steps to protect their personal information and their bank account," said Mulla.
Browse
related articles
Secure Computing warns of new VoIP based phishing scam
- United Arab Emirates: Thursday, August 03 - 2006 at 12:13
- PRESS RELEASE
Secure Computing Corporation (NASDAQ: SCUR), the experts in securing connections between people, applications and networks, has warned that familiar phishing attacks have now evolved into phone scams.
Related stories
Also consider reading:
Digg
Facebook
LinkedIn
Twitter
Browse
related articles
Today's most read articles:
- » Nokia N900 to hit UAE stores
- » Abu Dhabi Tourism Authority plans measured expansion for 2010
- » Boeing to showcase tailored portfolio of products and services at Dubai Air Show 2009
- » Burj Dubai enters final leg of construction
- » Marriott International announces the signing of five hotels for its newly established Middle East and Africa region
Log in to request more information from Secure Computing
Notes and media contacts
About Secure Computing:Secure Computing (NASDAQ:SCUR) has been securing the connections between people and information for over 20 years. Specializing in delivering the world's strongest security appliances/firewalls, identity and access management solutions, content management and filtering solutions, Secure Computing is uniquely qualified to be the global security solutions provider to organizations of all sizes. Our more than 17,000 global customers, supported by a worldwide network of partners, include the majority of the Dow Jones Global 50 Titans and the most prominent organizations in banking, financial services, healthcare, telecommunications, manufacturing, public utilities, education and national and local governments. The company is headquartered in San Jose, Calif., and has offices worldwide.
All trademarks, trade names or service marks used or mentioned herein belong to their respective owners.
This press release contains forward-looking statements relating to Secure Computing's finding of VoIP vishing scams and such statements involve a number of risks and uncertainties. Among the important factors that could cause actual results to differ materially from those indicated by such forward-looking statements are delays in product development, undetected software errors or bugs, competitive pressures, technical difficulties, changes in customer requirements, general economic conditions and the risk factors detailed from time to time in Secure Computing's periodic reports and registration statements filed with the Securities and Exchange Commission.
For further information, please contact:
Secure Computing
P.O. Box 500414, Dubai Internet City
Dubai UAE
Tel: 00 971 4 3913500,
Fax: 00 971 4 3918668
Orient Planet, PR & Marketing Communications
P.O. Box 23345, Dubai UAE
Tel: 00 971 4 3988901
Fax: 00 971 4 3988941
Website: www.orientplanet.com
Posted by Anne-Birte Stensgaard, Senior News EditorThursday, August 03 - 2006 at 12:13 UAE local time (GMT+4)
Replication or redistribution in whole or in part is expressly prohibited without the prior written consent of AME Info FZ LLC / Emap Limited.
This article was updated on Tue Mar 27 2007.
Disclaimer:
Articles in this section are primarily provided directly by the companies appearing or PR agencies which are solely responsible for the content. The companies concerned may use the above content on their respective web sites provided they link back to http://www.ameinfo.com
Any opinions, advice, statements, offers or other information expressed in this section of the AMEinfo.com Web site are those of the authors and do not necessarily reflect the views of AME Info FZ LLC / Emap Limited. AME Info FZ LLC / Emap Limited is not responsible or liable for the content, accuracy or reliability of any material, advice, opinion or statement in this section of the AMEinfo.com Web site.
For details about submitting your stories, please read the guide - all content published is subject to our terms and conditions
It looks like you are using a Mac - check out our 
Web Feeds