And consumers thought they were safe by not clicking on links in unsolicited e-mails.
Now comes a new batch of phishing scams that rely on an old tool — the phone — to trick people into giving away their personal information.
Vishing — short for voice phishing — is one of the latest iterations of phishing, a long-running e-mail scam that instructs recipients to click a link in the e-mail to confirm data such as their Social Security number and credit card number. But the link is really connected to a bogus website where the data are stolen.
Vishing has emerged as a new threat with the rise of Voice over Internet Protocol, technology that allows cheap and anonymous Internet calls.
The new batch of e-mails appear to come from PayPal, eBay's online payment service, and — like most phishing e-mails — they warn the recipients about a problem with their account. An e-mail advises victims to call a number to verify basic data. But the number is actually recording data with the intent to steal it. The information often winds up on cybercrime forums, websites that function as digital marketplaces for stolen personal data.
Some vishing attacks don't even begin with an e-mail. They come as calls out of the blue in which the caller already knows the recipient's credit card number, and asks for the three-digit security code on the back of the card.
"Hackers are moving away from the Web and using something victims are more comfortable with: making a call," said Paul Henry, vice president of technology evangelism at Secure Computing. "Consumers are programmed to enter in information on the phone. It's a natural evolution of phishing."
More.
Also check out Phishtank.com.
No comments:
Post a Comment