Security – First Phishing, Now Vishing

Now that identity thieves have almost perfected phishing, they’ve moved on to “vishing”: Scammers are using voice-over-IP (VoIP) telephone numbers to trick people into revealing credit card and bank information, says Paul Henry, vice president at Secure Computing. The Internet security software maker has seen just four vishing scams to date, but expects the practice to “explode,” Henry says.

In phishing schemes, scammers send e-mail that looks like it comes from a bank, credit card company or PayPal. The e-mail typically says the recipient’s account has been compromised and needs information confirmed, and includes a link to an official-looking site. In “vishing,” identity thieves ask people to call a phone number attached to a VoIP account. Such accounts can be obtained easily online through services like Skype or retailers such as Vonage reselling VoIP products, Henry says.

In one vishing case, scammers targeted PayPal users by including a ¿telephone number in an e-mail. In another case, criminals used an automatic dialer to call potential victims and play a recording that warned of fraudulent credit card activity. The recording asked people to call a number (with a spoofed caller ID) and confirm personal data.

Unfortunately, at this point there’s not much CIOs can do to protect their ¿companies’ employees and customers from being vished, Henry says. It would be smart to alert your company’s employees and your call center reps who ¿interact with customers to the vishing trend, though. Reps can instruct customers to hang up on a suspicious automated call and instead call the number listed on the credit card or bank statement.