Have you heard about VISHING?

VISHING is pfishing over VOIP!

The scammer sens you a voice mail message saying something like this is your bank and your account has been compromised, or overdrawn, or something like that, and they attach a fake phonetree to the voice mail showing a phone number that is YOUR BANK'S phone number. Except, if you answer the message, you are taken to the scammers site and asked to enter your account # and PW, etc.

They also are now able to harvest caller ID's, which is not being called Caller ID Spoof. The ID shown on your VOIP info makes it look like the call is coming from your bank or any other source they choose!!!!

I just heard this from a consumer advocate who was a guest on the Michael Finney radio show on KGO radio in SF, Ca. Michael has a consumer advocate show on every Sunday.

Damn these computer scammers are very clever crooks!!!!!!

becoming very popular!!!!!

Scarely these criminals!!!!!!

I don't use VOIP much, but this is still good to know

This has been around for ages. Any place with a PBX (like a bank, or any place that uses a central number with extensions) can modify their outgoing caller id information so that it doesn't report the number of the actual outbound line, but rather the common incoming number. Or more to the point, any number they feel like.

The added "feature" of connecting this to VOIP voice mail services is troubling, though.

From Rocky Mountain News

Gone vishing
Internet voice connections help thieves trick consumers and hide their tracks
<snip>
Now, savvy con artists are adding a new twist dubbed "vishing." Customers of Santa Barbara Bank & Trust recently received e-mails telling them that their accounts with the company's online banking system had been disabled after the bank detected unauthorized access. They were told to dial a telephone number (with a local, Southern California area code) where an automated voice prompted them to enter their account numbers, personal-access codes and other details. It's not clear who was on the other end of the phone line, but it wasn't Santa Barbara Bank & Trust.

The incident was among the latest in a string of vishing, or voice-phishing, attacks. Security experts say such schemes are made possible by Internet-telephone services, which allow computer users to quickly establish phone numbers, often without undergoing some of the verification checks used by traditional telephone companies.

Also, Internet phone companies dole out numbers with a choice of area code, regardless of where in the country — or world — the user is located. That can make it much more difficult to locate fraudsters.




From USA Today

Internet con artists turn to 'vishing'

By Brian Bergstein, Associated Press
BOSTON — Internet con artists are turning to an old tool — the phone — to keep tricking Web users who have learned not to click on links in unsolicited e-mails.

<snip>
But with Internet users wiser about phishing, the new fake PayPal e-mail included no such link. Instead it told users to call a number, where an automated answering service asked for account information.

Security experts tracking this scam and other instances of "vishing" — short for "voice phishing" — say the frauds are particularly nefarious because they mimic the legitimate ways people interact with financial institutions.

<snip>
The upshot: "If you get a telephone call where someone is asking you to provide or confirm any of your personal information, immediately hang up and call your financial institution with the number on the back of the card," said Paul Henry, a vice president with Secure Computing Corp. "If it was a real issue, they can address the issue."

but my bank won't reply to regular email and won't send regular email. If they have a communication for you it's either on your online login with a special notice that you have email...and then only asks you to call them. WITHOUT giving you a number. (If you don't know it, they want you looking it up yourself)

If those pfishing emails didn't get any responses, they would stop because they don't work!

I'm afraid for all the people who DON'T KNOW!

My cousin who is 59 and disabled just signed up for VOIP service. He and his wife LOVE IT! However, they are soooo naive about everything. You can't imagine how many times I've told them about something and the response is "Oh my God! I didn't know that?"

Way too many people trust almost evryone. I just wanted to post this to give a heads up to those who are still too trusting.