by CIO Staff

New VoIP Phishing Scheme ID’d, Blocked by Cloudmark

Apr 26, 2006 | 2 mins

A new form of phishing scheme using voice-over-IP (VoIP) technologies has been identified and blocked by messaging security solutions provider Cloudmark, according to the company’s April 25 release.

In this new form of phishing, perpetrators send their targets e-mails purporting to come from legitimate banks or other financial institutions, informing them that there is a problem with their account and instructing them to call the phone number provided within the e-mail. If users are duped into calling the number, they’re connected to a private branch exchange via VoIP where messages are played that sound exactly like recordings from victims’ banks. After identifying themselves as the appropriate banks or institutions, the phone systems then request sensitive user information like PINs and account numbers, according to Cloudmark.

“We’ve seen two separate VoIP attacks hit our network this week, the first we’ve been able to analyze in detail. In these attacks, the targets receive an e-mail, ostensibly from their bank, telling them there is an issue with their account and to dial a number to resolve the problem,” said Cloudmark’s Senior Research Scientist Adam J. O’Donnell. “The result can be personally and financially devastating.”

Cloudmark says VoIP phishing scams are potentially more dangerous than typical phishing schemes because they’re cheaper to perpetrate and more difficult to trace, since phishers can add and cancel VoIP phone numbers very easily.

The Cloudmark Collaborative Security Network first detected and started blocking the attacks last week using “fingerprinting” algorithms that can identify the phone numbers employed in the schemes.

Cloudmark advises any individual who receives an e-mail like the ones described above not to call any phone numbers within the message before verifying them against the numbers on their ATM cards or with the actual banks, and to notify their service providers.
