By Erika Morphy TechNewsWorld Part of the ECT News Network
04/28/06 2:48 PM PT
It is not surprising that phishers have turned their attention to VoIP connections, Ron O'Brien, security analyst with Sophos, told TechNewsWorld. "We do consider it an emerging threat."
Increase Customer Sales with VerticalResponse Email Marketing! Quickly and easily send email newsletters, coupons & sales announcements to your customers – no technical expertise needed. Sign up for your Free Trial today and send 100 emails on us!
Phishers are targeting potential victims through yet another channel: voice over IP systems.
Cloudmark, a provider of messaging security applications, this week discovered two separate e-mail schemes that direct recipients to VoIP systems in an effort to steal their personal data.
The scam works like this, according to Adam J. O'Donnell, senior research scientist at Cloudmark: "The target receives an e-mail , ostensibly from their bank, telling them there is an issue with their account and to dial a number to resolve the problem."
Callers are then connected over VoIP to a PBX (private branch exchange) running an IVR (interactive voice response) system that sounds exactly like their own bank's phone tree and directs them to specific extensions.
The fake phone system then prompts the caller to enter his or her account number and PIN.
Consumers should not dial phone numbers received in e-mails from institutions, Cloudmark advises -- just as they shouldn't click on links provided by banks and other financial service providers in e-mails.
The Next Thing
The scam is particularly ingenious because it is so cheap for the phisher to run. One reason for VoIP's rapidly growing adoption, after all, is its low cost. As Cloudmark points out, VoIP-based services allow phishers to cheaply add and cancel phone numbers that are harder to trace than conventional numbers.
It is not surprising that phishers have turned their attention to VoIP connections, Ron O'Brien, security analyst with Sophos, told TechNewsWorld. "We do consider it an emerging threat," he said.
"Anytime you have an open port, you have a vulnerability -- and there will always be someone willing to try to capitalize on that vulnerability."
Same Pattern
While the this particular type of attack may be novel at the moment, O'Brien said other scam artists with a technical bent are likely to follow suit.
"These things tend to follow the same pattern," he noted. "One or two people try it out, meet with reasonable success , and then it eventually becomes another way for criminals to generate revenue."
Consumers have to learn to think of all electronic peripherals as potentially vulnerable -- if not from phishers, then from hackers intent on stealing data they could not otherwise trick a user into revealing, O'Brien cautioned.
This wariness is necessary "especially at the end point," he said. "There are a number of devices that link with PCs, and it is essential to protect those vulnerable areas."
Over the last few years, proof of concept viruses and other malware have specifically targeted mobile phones and other handheld devices via instant messaging systems. Now VoIP joins the list of compromised channels.
Music Industry, Movie Studios Warn Colleges on Piracy April 28, 2006
"People dedicated to committing piracy are going to find ways to do it," Yankee Group analyst Michael Goodman told the E-Commerce Times. However, more casual music fans are likely to be more cautious if they know that campus LANs are being targeted.
Related Stories
Enterprises Face VoIP Management Challenges February 16, 2006
"Vendors are moving away from centralized, agent-based technologies to real-time data collection," noted Stephen Elliot, a senior analyst at IDC. As a result, management heavyweights such as BMC Software, Computer Associates, Hewlett-Packard and IBM are tweaking their products to improve collection of this information.
Security Hot Issue for Open-Source Database Developers January 24, 2006
According to Evans Data's Fall Database Development Survey, open-source database deployments were up more than 20 percent in the last six months. MySQL use, for example, increased by more than 25 percent in six months and is approaching majority status in the database space. Currently, forty-four percent of developers use the open-source MySQL system.
Blueprint Drawn for Mobile Device Security January 03, 2006
While the Trusted Network Connect specification is promising, a number of issues could curb its acceptance. "Vendors have not always been in synch about what is the best way to offer security functions to handheld device users," noted Gartner Group's John Pescatore.
Study: Data Loss, Network Vulnerabilities Top Security Issues December 29, 2005
"Security issues continue to mount, impacting all users of computer technology and threatening the data, endpoints and networks of every organization," said Al Sisto, chairman, president and chief executive officer of Phoenix Technologies.
SMBs Sitting on a VoIP Wall of Worry November 19, 2005
Joe Porus, chief architect for Harris Interactive's technology research practice, described the fence-sitting that's occurring now as a "wall of worry" which VoIP vendors and service providers are going to have to break down. Issues include network reliability, 911 emergency calling, voice quality and security.
Related News Alerts
More by Erika Morphy
Windows 7 Flies Off the Shelves November 06, 2009
Early sales figures on Windows 7 boxed software suggest a high level of consumer enthusiasm for the OS. Unit sales were a whopping 234 percent higher than Vista's out of the gate. The revenue haul was not as impressive, as Microsoft offered sharp discounts to spur presales. Also, sales of PCs with Windows 7 preinstalled have been lackluster -- but October is historically a weak month for PC sales.
Southwest Doesn't Fool Around November 06, 2009
Either Southwest Airlines had better deals for my favorite route than its competitors or its superior Web site tools made it easier for me to ferret them out. Either way, kudos to Southwest. In the not-so-hot department were the airline's long list of what passengers weren't allowed to do and its very short list of what Southwest was obliged to do for them. Left me feeling a little chilly.
Commerce Search Puts Google Inside Retailers' Catalogs November 05, 2009
Google has launched a new cloud-based search tool targeting enterprise-level e-commerce operations, just in time for the 2009 holiday selling season. Commerce Search provides a set of features designed to improve the relevance of results for consumers searching a retailer's own product catalog, while boosting cross-selling opportunities.
Headline Feeds
, ostensibly from their bank, telling them there is an issue with their account and to dial a number to resolve the problem."
Talkback: 
