Vishing Attacks IncreasingJune 13, 2008 – 9:02 AM
In recent months, Web site compromises have become the most prevalent problem that threatens Internet users from all over. While this trend continues to dominate today’s security issues, let’s not forget about other threats that, although may be not as massive as these attacks, have equally serious ramifications against the victims.
Remember vishing? Well, here’s a refresher.
Vishing is a type of phishing attack that involves Voice over Internet Protocol (VoIP) technology in stealing user’s sensitive information, usually financial in nature. Like certain types of phishing attacks, it usually persuades users into divulging personal data by sending them legitimate-looking messages (via email, text message or sometimes even via telephone call), warning them that their account is supposedly to be suspended or has expired and instructing them to contact the number provided to prevent the suspension or to renew their accounts. Upon calling the number, users are directed to an automated voice mail system that prompts them to dial in their credit card numbers and PINs.
Earlier sightings of vishing attacks has been reported in 2006 and has been slowly and silently increasing its momentum since then. Last January, FBI’s Internet Crime Complaint Center (IC3) announced that the number of vishing-related complaints it received is rising at a considerably “alarming rate.” Trend Micro also noticed this movement as a couple of vishing attacks has been reported, among others, earlier this year.
And speaking of “growing sophishtication,” vishing attacks have seemingly followed the footsteps of Web site compromises and advanced phishing techniques by using toolkits in sending vishing-related SMS. Donald Smith of Sans Internet Storm Center came across SmssmtpSender, an automated toolkit that can be used for SMS spamming and vishing.