[funsec] Vishing (voice/phone phishing) - public incident
Dr. Neal Krawetz
hf at hackerfactor.com
Sat Jun 24 13:02:48 CDT 2006
I've received similar automated phone calls over the last month.
(An unsolicited phone call, not a spam email.)
Each time the automated system says that there was a problem with my
account approval.
Press 1 to re-submit my account credentials.
Press 2 to review my account information.
Press 3 to request more information about my account.
The big problems:
- No caller ID.
- No identification (they do not even pretend to be a bank).
- No mention of who they are calling.
- No option to talk to a human.
- In the first call, there was one pregnant pause during a word in
option #3 -- likely VoIP.
- (Forget the fact that they are in violation of the No-Call law...)
- Oh, and I haven't tried to setup any accounts. (Duh!)
A few coworkers have received similar calls. They're probably calling
everyone in the area code (or region).
The voice quality was better than the Websense WAV file. (Likely a
different automated system.) It reminded me more of the T-Mobile
automated woman -- even had the slight southern accent.
I've got my phone set to record it next time. It's phun!.
-Neal
--
Neal Krawetz, Ph.D.
Hacker Factor Solutions
http://www.hackerfactor.com/
Author of "Introduction to Network Security" (Charles River Media, 2006)
http://www.charlesriver.com/Books/BookDetail.aspx?productID=126130
On Fri Jun 23 11:09:28 2006, Gadi Evron wrote:
>
> Last year some of us made jokes about Vishing on funsec, today it's a
> reality. Here is the incident going public:
> http://www.websense.com/securitylabs/alerts/alert.php?AlertID=534
>
> Special thanks to the good guys at Websense and the PIRT guys at
> CastleCOPS PIRT.
>
> I guess jokes about Vishing with a heavy Russian accent were good, too bad
> this wave file doesn't have that accent. :)
>
> The attacked party is Santa Barbara Bank & Trust. I suppose the IRS will
> also take interest in this.
>
> Gadi.
More information about the funsec
mailing list