Phishers Use Call Forwarding to Mask Fraud

April 28, 2007

A phishing attack uncovered by SecureWorks tries to entice victims into forwarding their telephone calls in order to thwart out-of-band authentication by banks.

Researchers at SecureWorks have uncovered a new type of phishing attack that tries to trick victims into forwarding their telephone calls to the attacker to thwart attempts by a bank to detect fraud.

The attack, found by the Atlanta-based security vendor this week, begins with an e-mail sent from the phisher telling the potential victim their bank needs to verify their phone number immediately, and their account will be suspended if they do not confirm the number. The victim is told to confirm their number by dialing *72 and then another number, effectively forwarding their calls to the phisher's telephone.

After going through this process, the victim is asked in the e-mail to update their personal information, such as bank account and Social Security numbers. If the victim's bank calls to question an unusual transaction while the calls are being forwarded, the phisher need only confirm the illegal transaction is legitimate, SecureWorks researcher Don Jackson wrote on the company's Web site.

In an interview with eWeek, Jackson said these types of attacks are currently not widespread, but may become so in the future as more banks use out-of-band authentication - such as telephone calls - to check the validity of suspicious transactions.

He cautioned against trusting e-mails that request the recipient give up personal information.

"If they are asking you to do something, you should call your financial institution," Jackson said.

Copyright 2007 by Ziff Davis Media, Distributed by United Press International

Explore further: Recovering a narrative of place—stories in the time of climate change

Related Stories

With deadline looming, UN climate talks fall short

May 10, 2018

UN talks ending Thursday failed to hammer out a draft of the "operating manual" that would bring the landmark Paris climate treaty to life, forcing governments to add an emergency negotiating session ahead of a December climate ...

Internet to TLS 1.3: Where have you been all my life

March 28, 2018

The Internet Engineering Task Force (IETF), which is the premier Internet standards body, has given its nod of approval for something that will make the Web more secure. It is called Transport Layer Security version 1.3.

Recommended for you

What can snakes teach us about engineering friction?

May 21, 2018

If you want to know how to make a sneaker with better traction, just ask a snake. That's the theory driving the research of Hisham Abdel-Aal, Ph.D., an associate teaching professor from Drexel University's College of Engineering ...

Flexible, highly efficient multimodal energy harvesting

May 21, 2018

A 10-fold increase in the ability to harvest mechanical and thermal energy over standard piezoelectric composites may be possible using a piezoelectric ceramic foam supported by a flexible polymer support, according to Penn ...

0 comments

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.