Jul 8th, 2006, 5:48 pm
Are users becoming more wary of link clicking in email? Are they getting savvy to the tricks of the email phisher? Certainly there is some evidence that the security message is starting to get through to the masses, but not nearly quickly enough to turn the phishing tide in my opinion. Whatever the case, it appears that ID thieves need to find their own unique selling point in order to stand out in a sea of scam. Anti-virus specialist Sophos has uncovered one such attempt, where the phisher uses a new twist to con PayPal users into revealing credit card details.
It starts off as any other PayPal scam, claiming fraudulent activity on the recipient's account and requiring contact to confirm personal details to reactivate it. But there is no typical ‘click here to confirm’ link that opens a convincing fake site with login screen to capture username and password followed by a form to capture financial detail. What there is, is a telephone number to call in the US that leads to a voice message purporting to be ‘account verification’ and asking the caller to enter their credit card number to match the one they supposedly have on file. This is a lot cleverer than at first it may seem, as users have been conditioned by security experts and the media alike to be rightly wary of link clicking in email messages. What is more, those same advisors will often say that if in doubt you should telephone the company concerned. With companies like PayPal operating almost exclusively online, including support, and not exactly publicizing telephone numbers, it plays right into the scammer’s hands on all counts.
What is more, the phishing crew behind this one has used software that knows what a genuine credit card is, and if the user enters an incorrect one they will be prompted to re-enter: so enhancing the feel of legitimacy and reducing suspicion. Although this particular phishing attempt is far from crude, it seems certain that the phone phishers will quickly become more mature and accomplished. Sophos warn that the harvesting of messages from corporate switchboard systems, so as to fool callers into thinking they have the real thing on the end of the line, is a likely next move.
You can read more and listen to an actual recording of the VoIP phishing scam at Sophos.
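The gap this scam exploits can be shown from the mail-filtering side. The following is an added example, not part of the original post or of Sophos's analysis: a rule that only looks for links misses the phone lure, while a second rule looks for account-pressure wording plus a request to call a number. The patterns and the sample messages (with fictitious 555-01xx numbers) are constructed for illustration.

```python
import re

# Heuristic patterns: assumptions made for this example, not a vetted rule set.
URL_RE = re.compile(r"(?:https?://|www\.)\S+", re.I)
# North American style number, not embedded in a longer digit run.
PHONE_RE = re.compile(
    r"(?<!\d)(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}(?!\d)")
CALL_RE = re.compile(r"\b(?:call|phone|telephone|dial)\b", re.I)
PRESSURE_RE = re.compile(
    r"\b(?:fraudulent|unauthori[sz]ed|suspended|reactivate|"
    r"verify|verification|confirm)\b", re.I)


def link_lure(body: str) -> bool:
    """Classic rule: account-pressure wording plus a clickable link."""
    return bool(PRESSURE_RE.search(body) and URL_RE.search(body))


def callback_lure(body: str) -> bool:
    """Phone variant: pressure wording, a request to call a number, no link."""
    asks_to_call = CALL_RE.search(body) and PHONE_RE.search(body)
    return bool(PRESSURE_RE.search(body) and asks_to_call
                and not URL_RE.search(body))


# Constructed sample messages.
LINK_SAMPLE = ("We detected fraudulent activity on your account. "
               "Click http://example.invalid/confirm to verify your details.")
PHONE_SAMPLE = ("We detected fraudulent activity on your account. "
                "To reactivate it, call account verification on "
                "(555) 010-0199 and enter your card number.")
BENIGN_SAMPLE = ("Your monthly statement is ready. "
                 "Questions? Call us on 555-010-0123.")

if __name__ == "__main__":
    for name, body in [("link", LINK_SAMPLE), ("phone", PHONE_SAMPLE),
                       ("benign", BENIGN_SAMPLE)]:
        print(f"{name:7} link_lure={link_lure(body)} "
              f"callback_lure={callback_lure(body)}")
```

A match is a reason to route the message for review, not a verdict; legitimate notices can also combine this wording with a phone number.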
This blog entry was written by Davey Winder, staff writer aka happygeek. It has received 1,269 views, 0 comments, and 2 linkbacks. 1 voter has rated this entry 5 out of 5 stars. It was promoted to featured status Jul 8th, 2006.