VOIP.com - Internet Phone Service


Phishing 2.0: Vishing Makes Its Debut

By Nadia Jones, Staff Writer voip.com

Published: July 21, 2006

The art of the scam is as adaptable as a virus, mutating effortlessly in response to society's defense mechanisms. From the days of snake oil salesmen to high-tech vishers, con artists have perennially found ways to pick the pockets of naive consumers.

Most savvy web denizens know better than to respond to letters from Nigeria asking for help in moving large sums of money out of the country, or offers to get involved in $1500/day work-from-home schemes, or any other come-on that smacks of get-rich-quick methodology. Consumers are also generally aware that it's not a good idea to hand over personal information to unfamiliar sources.

Phishing attacks, therefore, focus on creating the illusion that the request for information comes from a legitimate source. E-criminals have had such great success with spoofed e-mails containing links to information-harvesting portals that the public is now hypersensitive to the dangers of clicking on links in phishy e-mails. So the phishers have switched to vishing, which uses a voice over IP phone number to bolster credibility instead of a link.

PayPal users were recently misdirected from the official site to a malicious site based in S. Korea that gathered data on account numbers, social security numbers, credit card numbers and other private information. PayPal has since fixed the vulnerability that allowed the attack to occur, and claims that no similar effort will be successful. However, that doesn't stop the vish-mails that go out every day advising consumers that their account has been compromised and that they need to call customer service right away.

PayPal users are not alone--last month, some members of Santa Barbara Bank & Trust Inc. received this e-mail:

Dear Customer,

We've noticed that you experienced trouble logging into Santa Barbara Bank and Trust Online Banking.

After three unsuccessful attempts to access your account, your Santa Barbara Bank & Trust Online Profile has been locked. This has been done to secure your accounts and to protect your private information. Santa Barbara Bank & Trust is committed to make sure that your online transactions re secure.

Call this phone number (1-800-805-XXX-XXXX) to verify your account and your identity.

Sincerely,

Santa Barbara Bank & Trust Inc.

Online Customer Service

The insidious thing about scams like these is that they model very closely a consumer's expectation of how the institution would react in the event of a problem. When victims dial into the provided number, they run the familiar gauntlet of an automated customer service system. Most credit card companies and banks ask customers to first enter their account number before being forwarded to a representative or accessing automated features. In the case of vishing, those keystrokes are being recorded, along with password information, the consumer's phone number and address, as well as any other information that can be squeezed out of the encounter.

Wisconsin telecommunications customers are being targeted with a war-dialer type of vish, where a computer is set up to sequentially call thousands of numbers in a region. In this case, customers who pick up are treated to an automated message inviting them to receive a 35% discount on their long distance service. All that's required is verification of their address, phone number, maiden name and other sensitive information.

In some attacks, the crooks already know part of the information, like a credit card number, for instance. Usually they then ask for clarifying information, such as the three-digit security code on the back of your credit card.

With ID theft scams becoming increasingly sophisticated, the only way to ensure you're not opening your account to thieves is to stay in control of the exchange of information. If you get a phone call asking for private information to help resolve an account problem, don't just summarily give it out. Make a note of the caller's name, phone number, the institution they represent, and the problem they're bringing to your attention. Then hang up and call the customer service number printed on the back of your credit card or on your statements. That way, you can be sure you're talking to the right people and that your information remains secure.