[real-eyes] Fraudulent calls target US banks, another look at caller ID spoofing

  • From: blindbites <blindbites@xxxxxxxxx>
  • To: nutkc@xxxxxxxxxxxxxxx, real-eyes@xxxxxxxxxxxxx
  • Date: Thu, 19 Apr 2012 13:06:28 -0500

The following is from:
http://nakedsecurity.sophos.com/2012/04/19/fraudulent-calls-target-us-banks-another-look-at-caller-id-spoofing/?utm_source=twitter&utm_medium=NakedSecurity&utm_campaign=naked%252Bsecurity

Fraudulent calls target US banks, another look at caller ID spoofing
by Chester Wisniewski on April 19, 2012
Filed under: Data loss, Featured
[Image: rotary telephone]
Many of us at Sophos spend most of our waking hours investigating digital threats designed to steal money, passwords, identities and more.
Most of these crimes take place on the internet, but today I wanted to draw attention to something you might not be expecting: vishing.
I am not a big fan of the term "vishing", but it is the easiest way to describe the act of using the voice telephone network to phish people's account information the same way we see on the web and in email.
A story on Dark Reading this week pointed out that 30 of the top 50 US-based banks have reported they have received complaints from their customers.
How does this work? It appears to be similar to the fake tech support calls many people were receiving from overseas call centers taking advantage of super-cheap VoIP rates.
This time there is a twist, however. They are attempting to spoof the caller ID information to make it more believable that you are in fact receiving a call from "Bank name here".
In the United States this can be particularly convincing as the call display service used by most US phone companies does a reverse lookup for the name information based on the caller ID number provided by the call.
If a criminal does his research and determines that the main phone number for Bank of America is 512-555-0022 and forges his caller ID number to match, your phone will display "Bank of America - 512-555-0022".
People put a lot of blind faith in seemingly reliable technologies like caller ID, but it is in fact trivial to spoof.
Why is this? Caller ID is quite a dated technology and was bolted onto the existing phone network nearly 30 years ago.
The information about who is calling you is sent down the wire "in-band", meaning the information is transmitted on the same wire that carries your voice.
With Voice over IP (VoIP) technology you can falsify this information, making your calls appear to originate from any number you choose, and the criminals appear to have caught on to this fact.
In 2011 this technique was used to send a SWAT team to someone's home as some sort of a cruel prank, drawing the ability to forge numbers to the attention of the general public and criminals alike.
[Image: SWAT team, courtesy of Shutterstock]
Whenever you receive unsolicited communications asking you for information, you should always ignore it and contact the party responsible directly.
Whether it is over the phone, through email, an instant message or over a social network, just delete/hang up/ignore the communication.
We all have a certain amount of faith in the technology around us and criminals will continue to take advantage of that fact.
Stay suspicious, keep your guard up and let your friends and family know to be on the lookout so they don't become the next victim to these scams.
To subscribe or to leave the list, or to set other subscription options, go to 
www.freelists.org/list/real-eyes
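The two mechanisms the article describes, the in-band caller ID frame and the carrier's name lookup keyed on the number, are modelled below as an added example. This is not code from the Sophos article or from any carrier; it assembles and decodes a Bellcore/Telcordia MDMF call-setup message and extracts the calling number from the From header of a constructed SIP INVITE (not a real capture). The CNAM_DB table is a constructed stand-in for a carrier's name database, using the number and bank name from the article, and the timestamp is fixed so the frames are reproducible. The point it makes concrete is that the handset can check only a one-byte checksum, and the name on the display is derived from whatever number the call arrived with.

```python
"""
Added example, not code from the article: why a US caller ID display
proves nothing about who is really calling.

  1. The terminating switch sends an MDMF (Multiple Data Message Format)
     frame in-band, as FSK, between the first and second ring. The handset
     can verify only its modulo-256 checksum.
  2. CNAM: the name is looked up from the *number* the call arrived with.
     CNAM_DB below is a constructed stand-in, not real carrier data.
"""
import datetime
import re
from typing import Optional

MSG_CALL_SETUP = 0x80   # MDMF message type: incoming call setup
PARAM_DATETIME = 0x01   # MMDDHHMM, ASCII
PARAM_NUMBER = 0x02     # calling line number, ASCII digits
PARAM_NAME = 0x07       # calling party name, ASCII

PARAM_LABELS = {PARAM_DATETIME: "datetime", PARAM_NUMBER: "number", PARAM_NAME: "name"}


def mdmf_checksum(body: bytes) -> int:
    """Two's complement of the modulo-256 sum of type, length and parameters."""
    return (-sum(body)) & 0xFF


def build_mdmf(number: str, name: Optional[str], when: datetime.datetime) -> bytes:
    """Assemble the call-setup frame a switch sends to the called line."""
    params = bytearray()
    for ptype, value in ((PARAM_DATETIME, when.strftime("%m%d%H%M")),
                         (PARAM_NUMBER, number),
                         (PARAM_NAME, name)):
        if value is None:          # no CNAM hit: the name parameter is simply absent
            continue
        data = value.encode("ascii")
        params += bytes([ptype, len(data)]) + data
    body = bytes([MSG_CALL_SETUP, len(params)]) + bytes(params)
    return body + bytes([mdmf_checksum(body)])


def parse_mdmf(frame: bytes) -> dict:
    """Decode a frame the way a caller ID box does: checksum, then a TLV walk."""
    if len(frame) < 3 or frame[0] != MSG_CALL_SETUP:
        raise ValueError("not an MDMF call setup message")
    length = frame[1]
    body, csum = frame[:2 + length], frame[2 + length]
    if mdmf_checksum(body) != csum:
        # This catches line noise, not forgery: a forged frame checksums fine.
        raise ValueError("checksum mismatch")
    fields, i = {}, 2
    while i < 2 + length:
        ptype, plen = body[i], body[i + 1]
        label = PARAM_LABELS.get(ptype, "param_%#x" % ptype)
        fields[label] = body[i + 2:i + 2 + plen].decode("ascii")
        i += 2 + plen
    return fields


# Constructed SIP INVITE (not a real capture). The display name and the user
# part of From are whatever the originating VoIP endpoint chose to send.
SPOOFED_INVITE = (
    "INVITE sip:+15125550123@carrier.example SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 198.51.100.7:5060;branch=z9hG4bK776asdhds\r\n"
    "From: \"Fraud Desk\" <sip:5125550022@198.51.100.7>;tag=1928301774\r\n"
    "To: <sip:+15125550123@carrier.example>\r\n"
    "Call-ID: a84b4c76e66710@198.51.100.7\r\n"
    "CSeq: 314159 INVITE\r\n\r\n"
)


def calling_number_from_sip(invite: str) -> Optional[str]:
    """User part of the From URI: on an unscreened trunk this is the calling
    number that enters the phone network. The SIP display name is ignored."""
    for line in invite.split("\r\n"):
        if line.lower().startswith("from:"):
            m = re.search(r"sip:\+?(\d+)@", line)
            return m.group(1) if m else None
    return None


# Constructed stand-in for a carrier CNAM database: keyed by number only.
CNAM_DB = {"5125550022": "BANK OF AMERICA"}
WHEN = datetime.datetime(2012, 4, 19, 13, 6)   # fixed so frames are reproducible


def terminating_switch(asserted_number: str) -> bytes:
    """The called party's carrier trusts the number the call arrived with,
    looks the name up, and sends both in-band to the handset."""
    return build_mdmf(asserted_number, CNAM_DB.get(asserted_number), WHEN)


def handset_display(frame: bytes) -> str:
    f = parse_mdmf(frame)
    return "%s - %s" % (f["name"], f["number"]) if "name" in f else f["number"]


if __name__ == "__main__":
    number = calling_number_from_sip(SPOOFED_INVITE)   # "5125550022"
    frame = terminating_switch(number)
    print(handset_display(frame))                       # BANK OF AMERICA - 5125550022
    print(frame.hex())
```

Nothing in the frame ties the number to the line that originated the call, and nothing in the CNAM step asks; a call whose SIP From header carries the bank's number produces a byte-for-byte identical display to a call genuinely placed from that number. That is why the article's advice, hang up and dial the number you already have for the bank, is the only check that actually works from the called party's side.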

