A recent VoIP-based phishing campaign has been netting the payment card information of up to 250 Americans per day.
Voice over IP phishing, or vishing, is a form of phishing that relies on users getting tricked into giving up their payment card information after receiving phone or SMS messages – purporting to come from banks – instructing them to do so.
Security firm Phish Labs unveiled research on the wave of attacks on its blog today and said it stumbled upon a “cache of stolen payment card data belonging to customers of dozens of financial institutions” upon investigating the campaign.
The firm speculates that an Eastern European crew is carrying out the spree of attacks by using email-to-SMS gateways to send messages informing victims that their debit card has been deactivated.
More than 50 medium-sized banks have been targeted by campaigns over the last several years.
In the attack, users are sent a message that their ATM card has been deactivated. The users are prompted to call a phone number to reactivate the card by entering their card number and their PIN – data that of course is stored, then later accessed by the criminals to be used in cash-out schemes.
Full Article
Vishing Attacks Targeting Dozens of Banks
Userlevel 7
+52
Be the first to reply!
Reply
Login to the community
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.