funsec mailing list archives
Re: Vishing (voice/phone phishing) - public incident
From: "Dr. Neal Krawetz" <hf () hackerfactor com>
Date: Sat, 24 Jun 2006 12:02:48 -0600 (MDT)
I've received similar automated phone calls over the last month. (An unsolicited phone call, not a spam email.) Each time the automated system says that there was a problem with my account approval. Press 1 to re-submit my account credentials. Press 2 to review my account information. Press 3 to request more information about my account. The big problems: - No caller ID. - No identification (they do not even pretend to be a bank). - No mention of who they are calling. - No option to talk to a human. - In the first call, there was one pregnant pause during a word in option #3 -- likely VoIP. - (Forget the fact that they are in violation of the No-Call law...) - Oh, and I haven't tried to setup any accounts. (Duh!) A few coworkers have received similar calls. They're probably calling everyone in the area code (or region). The voice quality was better than the Websense WAV file. (Likely a different automated system.) It reminded me more of the T-Mobile automated woman -- even had the slight southern accent. I've got my phone set to record it next time. It's phun!. -Neal -- Neal Krawetz, Ph.D. Hacker Factor Solutions http://www.hackerfactor.com/ Author of "Introduction to Network Security" (Charles River Media, 2006) http://www.charlesriver.com/Books/BookDetail.aspx?productID=126130 On Fri Jun 23 11:09:28 2006, Gadi Evron wrote:
Last year some of us made jokes about Vishing on funsec, today it's a reality. Here is the incident going public: http://www.websense.com/securitylabs/alerts/alert.php?AlertID=534 Special thanks to the good guys at Websense and the PIRT guys at CastleCOPS PIRT. I guess jokes about Vishing with a heavy Russian accent were good, too bad this wave file doesn't have that accent. :) The attacked party is Santa Barbara Bank & Trust. I suppose the IRS will also take interest in this. Gadi.
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Vishing (voice/phone phishing) - public incident Gadi Evron (Jun 23)
- Re: Vishing (voice/phone phishing) - public incident Dude VanWinkle (Jun 23)
- Re: Vishing (voice/phone phishing) - public incident Dr. Neal Krawetz (Jun 24)