Phishing is so yesterday

A new use for VoIP. From Internet News

Just as Internet surfers have gotten wise to the fine art of phishing, along comes a new scam utilizing a new technology.

Creative thieves are now switching their efforts to “vishing,” which uses Voice over Internet Protocol (VoIP) phones instead of a misdirected Web link to steal user information.

Phishing (define) is the sneaky art of sending an e-mail to people pretending to be from a bank or major online merchant, such as Amazon (Quote, Chart)or EBay (Quote, Chart), asking them to click on a link and verify their account information.

The user is then directed to a fake site that collects the login and password information.

Repeated efforts on the part of security firms have educated users to be cautious about clicking on links from unknown senders.

But now, the criminal element has shifted from asking people to click on links to placing a phone call instead. Only the number isn’t to a bank or credit card, it’s to a VoIP phone that can recognize telephone keystrokes.

The thieves don’t even use an e-mail blast, they use a war dial over a VoIP system to blanket an area. A recorded message tells the person receiving the call that their credit card has been breached and to “call the following (regional) phone number immediately.”

When the user calls the number, another message is played stating “this is account verification please enter your 16 digit account number.” The rest is academic.

Secure Computing, which specializes in secure connections over networks, sent up the red flag over this new method. Secure Computing engineers have been tracking news group sites and open disclosure discussion groups discussing vishing.

“This is just a natural evolution of phishing itself,” said Paul Henry, vice president of strategic accounts for Secure Computing….

Thanks to Kevin Cryer for the link.