- Worldstart's Tech Tips Newsletter - http://www.worldstart.com -
Posted By On June 30, 2006 @ 10:37 AM In Security Help | Comments Disabled
There’s a new type of phishing scam on the horizon. It’s one that mixes the traditional methods, such as sending bogus e-mails, with social engineering techniques. Don’t let it catch you off guard!
As you probably know by now, the term phishing refers to an attempt to gain personal information from end users by spoofing legitimate companies and financial institutions such as PayPal or Ebay. In order to do this, an attacker sends a message (usually an e-mail) stating there is some sort of serious issue with your account and in order to take care of it, you need to log in with your account information at their site, which is of course, fake.
Once this is done, the attackers have the information they want, which puts the ball squarely in their court. This has been a very successful avenue for attackers in the past. They have been able to harvest various user’s personal information with ease. Lately however, the public is getting a little wiser to these sorts of attacks and we aren’t so easily fooled anymore.
Well, the one thing about hackers is that they are resilient. You stop one method and they shortly figure out another. Well, the new method appears to be a hybrid phishing attach that blends technology and traditional methods combined with the misplaced security of speaking with someone on the phone.
This brings in phone phishing. Phone Phishing is becoming very popular, yielding a high success rate. The concept remains the same: fool someone into giving you personal information by impersonating another company, but the execution has a slight twist. There are a few different styles of phone phishing, with the most popular being when an attacker instructs the user to call a customer service number in order to rectify the bogus situation.
On the other end of the line, it could be a fake customer service representative or an automated message. It doesn’t matter. Either way, they are going to ask you to divulge personal information. This method has not been in use that long, but it is notably successful. People tend to feel more comfortable giving their information out over the phone instead of the Internet, especially when they feel they are safe.
There are variations of Phone Phishing, which I have summarized below:
Fortunately, there is one easy way to defend yourself against any phishing scam. Just simply remember to never respond to communication that is requesting you to call, e-mail or go to a Web site and log in with your personal information. Instead, always go out to the site on your own and log into your account. If there are any issues with your account, you will see it here and you will be able to fix it. The same can go with a customer service number given to you via e-mail. Use the phone number from one of the company’s Web sites or from your billing information, if you have it. These steps will keep your information safe online and over the phone.
Article printed from Worldstart's Tech Tips Newsletter: http://www.worldstart.com
URL to article: http://www.worldstart.com/phone-phishing/