3) New Age Phone Phishing
Changes in technology have revived phone phishing.
- The spread of automated telephone services and call
centers has made us more used to providing information to strangers (or
machines) who just ask for it.
- Voice over IP (VoIP)
  - Cheap
  - Difficult to determine the physical location
  - Security flaw which makes it easy to fake caller ID
- Rogue IVRs
  - A rogue interactive voice response (IVR) system recreates
    a legitimate-sounding copy of a bank or other institution's IVR system.
    The victim is prompted (typically via a phishing e-mail) to call in to
    the "bank" via a (ideally toll-free) number provided in order
    to "verify" information. A typical system will reject log-ins
    continually, ensuring the victim enters PINs or passwords multiple times,
    often disclosing several different passwords. More advanced systems transfer
    the victim to the attacker posing as a customer service agent for further
    questioning.
    An attacker could even record the typical commands ("Press
    one to change your password, press two to speak to customer service"
    ...) and play back the directions manually in real time, giving the appearance
    of being an IVR without the expense.
- Common practice
  - With the increase in identity theft, it has become common
    to receive calls about suspicious activity on a credit card. Phishers are
    taking advantage of that and pretending to be credit card service centers.
    Handle any call that asks for your personal information with extreme caution.
    If a credit card company is calling you, they will already have all your
    information. Call the number on the back of your credit card to verify
    that it really is the credit card company.