Phishers Use Call Forwarding to Mask Fraud

Apr 28, 2007

A phishing attack uncovered by SecureWorks tries to entice victims into forwarding their telephone calls in order to thwart out-of-band authentication by banks.

Researchers at SecureWorks have uncovered a new type of phishing attack that tries to trick victims into forwarding their telephone calls to the attacker to thwart attempts by a bank to detect fraud.

The attack, found by the Atlanta-based security vendor this week, begins with an e-mail sent from the phisher telling the potential victim their bank needs to verify their phone number immediately, and their account will be suspended if they do not confirm the number. The victim is told to confirm their number by dialing *72 and then another number, effectively forwarding their calls to the phisher's telephone.

After going through this process, the victim is asked in the e-mail to update their personal information, such as bank account and Social Security numbers. If the victim's bank calls to question an unusual transaction while the calls are being forwarded, the phisher need only confirm the illegal transaction is legitimate, SecureWorks researcher Don Jackson wrote on the company's Web site.

In an interview with eWeek, Jackson said these types of attacks are currently not widespread, but may become so in the future as more banks use out-of-band authentication - such as telephone calls - to check the validity of suspicious transactions.

He cautioned against trusting e-mails that request the recipient give up personal information.

"If they are asking you to do something, you should call your financial institution," Jackson said.

Copyright 2007 by Ziff Davis Media, Distributed by United Press International

Explore further: US warns retailers on data-stealing malware

add to favorites email to friend print save as pdf

Related Stories

US secretly created 'Cuban Twitter' to stir unrest

Apr 03, 2014

In July 2010, Joe McSpedon, a U.S. government official, flew to Barcelona to put the final touches on a secret plan to build a social media project aimed at undermining Cuba's communist government.

Recommended for you

US warns retailers on data-stealing malware

1 hour ago

US government cybersecurity watchdogs warned retailers Thursday about malware being circulated that allows hackers to get into computer networks and steal customer data.

Irish bookmaker apologizes for 2010 data breach

2 hours ago

(AP)—Irish betting company Paddy Power announced Thursday it is notifying hundreds of thousands of customers that most of their profile information was stolen in 2010, but hackers did not gain their credit card details ...

Misinformation diffusing online

4 hours ago

The spread of misinformation through online social networks is becoming an increasingly worrying problem. Researchers in India have now modeled how such fictions and diffuse through those networks. They described details ...

User comments : 0