The Cloudmark Collaborative Security Network (CCSN) first spotted and began to block these threats last week.
Adam J. O'Donnell, senior research scientist at Cloudmark, says, "We've seen two separate VoIP attacks hit our network this week, the first we've been able to analyze in detail. In these attacks, the target receives an email, ostensibly from their bank, telling them there is an issue with their account and to dial a number to resolve the problem."
Callers are then connected over VoIP to a PBX (private branch exchange) running an IVR (interactive voice response) system that sounds exactly like their own bank's phone tree, directing them to specific extensions. In a VoIP phishing attack, the phone system identifies itself to the target as the financial institution and prompts them to enter their account number and PIN. "The result," O'Donnell surmises, "can be personally financially devastating."
VoIP-based services allow phishers to cheaply add and cancel phone numbers that are harder to trace than conventional numbers.
As a precaution, Cloudmark advises against dialing phone numbers received in emails from institutions. Instead, double-check and dial the numbers printed on ATM cards.