By Claudia Lynch, Benchmarks Online Editor
There have been
numerous reports recently of text messages being sent to people's cell
phones, pagers, etc. on campus and in the Denton area. They purport to
be from a local bank (Point Bank), but they could be from any bank or
other financial institution. We have learned that the technical term for
this action is "vishing." According to
Wikipedia:
Vishing is the criminal practice of using
social engineering and
Voice over IP (VoIP) to gain access to private
personal and financial information from the public
for the purpose of financial reward. The term is a
combination of "voice" and
phishing. Vishing exploits the public's trust in
landline telephone services, which have
traditionally terminated in physical locations which
are known to the telephone company, and associated
with a bill-payer. The victim is often unaware that
VoIP allows for
caller ID spoofing, inexpensive, complex
automated systems and anonymity for the bill-payer.
Vishing is typically used to steal credit card
numbers or other information used in
identity theft schemes from individuals.
Vishing is very hard for legal authorities to
monitor or trace. To protect themselves, consumers
are advised to be highly suspicious when receiving
messages directing them to call and provide credit
card or bank numbers. Rather than provide any
information, the consumer is advised to contact
their bank or credit card company directly to verify
the validity of the message.
Banks, including
Point Bank, and credit unions have been cautioning their patrons
about this new threat. Recently, the American Airlines Credit Union
posted this information on their
website:
Updated - January 14, 2008
A new form of attack called "vishing" has
recently been attempted. In this type of "vishing" attack an
automated voice leaves a message stating "due to fraud issues your
[name of Financial Institution] account has been suspended". You are
then provided with a telephone number to reactivate your account.
If you call into the fraudulent number, you
will be prompted through an automated phone system and asked to
input a 16 digit account number. It will then ask for your
expiration date/month/year, followed by your PIN. It will then
advise that your account has been reactivated. With one simple phone
call, vishers gain access to your personal information.
Bottom line, be very suspicious of
requests for personal information like account numbers and PINs,
especially if they come in the form of automated voice messages. For a
thorough, more technical discussion of vishing, see this IBM
white paper:
http://www.iss.net/documents/whitepapers/IBM_ISS_vishing_guide.pdf