Cloudmark has warned of VOIP-based phishing attacks. Cloudmark has identified phishing attacks performed over VOIP, by posing as banks and emailing users to call the specified number and enter personal information to access their finances.


Cloudmark has warned of VOIP-based phishing attacks. Cloudmark has identified phishing attacks performed over VOIP, by posing as banks and emailing users to call the specified number and enter personal information to access their finances.

Cloudmark has identified two such attacks this week. Cloudmark advices users against dialing phone numbers received through emails and to dial the number printed on ATM cards instead of the number in the email.

Adam J. O’Donnell, Ph.D., senior research scientist at Cloudmark, said: “We’ve seen two separate VoIP attacks hit our network this week, the first we’ve been able to analyze in detail. In these attacks, the target receives an email, ostensibly from their bank, telling them there is an issue with their account and to dial a number to resolve the problem.” [Source]

When a user calls such a spoof number, they are connected over VOIP to a PBX(private bank exchange), running an IVR. The IVR system sounds alike to the actual bank’s phone tree, which then directs them to specific extensions. The phishing phone system requests the user to enter their account number and PIN, which is then used for stealing the user’s finances.

For more information on these phishing attacks and on how to take precautions against them, click here.

 

 

 

 

Sharing is caring