Phishers Use Call Forwarding to Mask Fraud

Researchers at Atlanta-based security vendor SecureWorks have uncovered a new type of phishing attack that circumvents a bank's attempt to detect fraud by tricking victims into forwarding their telephone calls to the attacker. The attack begins with an e-mail sent from the phisher telling the potential victim their bank needs to verify their phone number immediately, and their account will be suspended if they do not confirm the number. The victim is told to confirm their number by dialing *72 and then another number, effectively forwarding their calls to the phisher's telephone.

The victim is then asked in the e-mail to update their personal information, such as bank account and Social Security numbers. If the victim's bank calls to question an unusual transaction while the calls are being forwarded, the phisher need only confirm the illegal transaction is legitimate. SecureWorks researcher Don Jackson said these types of attacks are currently not widespread, but may become so in the future as more banks use out-of-band authentication to check the validity of suspicious transactions.

News source: Physorg

6 Comments

There should be no way in heck anybody could fall for this. Of course, that kind of and that much paranoia/ignorance is/was caused by the internet itself, basically.

Sadly a lot of people who get duped in these scams are just not au fait with technology like we all are. We can't fathom how someone can fall for these tricks, but they do regularly. Perhaps we could help by dropping the holier than thou attitude and educating the people we know who may fall for these scams. And this involves more than just sticking grandma on Ubuntu.

Sorry, but I can't say that I feel sorry for anybody that actually falls for this. Since when is it so important for a bank to verify your "phone number" that they'll suspend your account if you don't?