‘Untraceable’ Phone Frauders Vishing for Credit Cards

Vishing, now there’s a new term for you. Basically it’s phishing, but utilising VoIP call services, which make it very easy to spoof the caller ID.

Even though caller ID spoofing was made illegal in the USA, people will continue to do it; remember, the FCC said it’s still easy to spoof caller ID. As always, this scam includes some social engineering, since it’s not that easy to get people to give up their important info over the phone.

Scams involving email and fake banking websites may get all the attention, but a recent rash of fraudulent phone calls shows criminals haven’t given up on more traditional tools for tricking people into surrendering credit card numbers and other sensitive information.

The calls begin with a recording that makes a tempting offer – usually for a lower credit-card interest rate or an extended car warranty – and then invite the caller to speak to a live agent. The agents then ask for information including the credit card number and expiration, name, address, and in some cases social security number and other data. Recipients who have fallen for the ploy report finding charges as high as $900 on their credit card.

So be careful, don’t be tempted by lower credit card rates or any kind of nonsense offers that you receive from strangers. Honestly I don’t believe any readers of Darknet would fall for this kind of thing, but as always, educate those who aren’t so savvy and you are doing your part.

The surge of calls comes as security researchers report an up-tick in so-called vishing attacks, which use VoIP, or voice over IP, to trick people into turning over banking credentials and other sensitive data. Last fall, more than 12,000 people in Texas were targeted in a scam that attempted to capture their account details for eTrade and two local banks, according to a recent report from iSIGHT Partners.

Vishers typically set up demo accounts with one of the many VoIP providers, carry out their attack and then move to another provider. The attacks observed in the report were different from the recent scam, however. They typically rely on emails that encourage recipients to call an automated number and manually enter their account information.

It’s worrying, people are getting spammed, scammed and phished from every direction now. All these frauds and spammers are making technology more complex and polluting the Internet with stuff like CAPTCHAs.

I guess it’s here to stay though, so we have to accept it and deal with it as best we can.

Source: The Register

Posted in: Social Engineering, Spammers & Scammers


7 Responses to ‘Untraceable’ Phone Frauders Vishing for Credit Cards

  1. razta June 4, 2008 at 8:57 am #

    The guy who lost $900, he’s either really stupid or has more money than sense and simply didn’t care.

    I had a guy social engineer me the other week! I had just woken up and was taking the bins out, a male and female came walking over smartly dressed and looked very professional, the guy flashed his wallet at me and said “Police”, I didn’t quite see the wallet because he did it so fast, however I did not want to argue with a possible policeman as I’d just woken up. He then asked me for the security code for my building and I gave it to him, only later did I realise I’d been had.

    More than likely he was a debt collector. I thought I would never get social engineered, just goes to show.

  2. Jinesh Doshi June 5, 2008 at 8:06 am #

    I agree with razta that guy has to be a real fool to give away details on phone.

  3. BMX guy June 6, 2008 at 9:21 am #

    @razta – that is the best way, take someone by surprise. Got myself into a very similar thing a couple of times, but after some training managed to stop myself from giving people vital information. Doesn’t work every time, but at least “most of the time” is better than nothing. We’re only human,

  4. Pantagruel June 6, 2008 at 12:44 pm #

    Always argue with a so-called ‘official’; most social engineers will try to impose as an ‘official’ of some sort (police/traffic warden/meter man/cable guy). A true ‘official’ will allow you to scrutinize his/her ID; if the so-called ‘official’ refrains from doing this or simply replies ‘I already showed you my ID’ you can safely use the fifth and give him/her the silent treatment.

    Had a similar thing some days ago, some ‘supposedly’ security type of guy was ‘performing’ ticket checks in our subway. He was quite aggressively asking for identity papers to verify card holder name/photograph. Many people simply complied and only a few objected and/or demanded to see some kind of proof of his identity/function. I declined simply because they always operate in groups and have police support. The guy threatened with a fine and to call in the police to arrest me. When I told him to be my guest he got out at the next stop, clearly a fake.

  5. Navin June 7, 2008 at 6:15 am #

    As BMX guy pointed out, we’re only human!! There was this quote I’d read on some newbie’s “hacking” site. The site was lame but the quote made sense: “Servers don’t make mistakes, humans do”.

    It’s silly when U tell someone about such stuff but at the time U’re getting phished U don’t really figure what’s going on…. As long as the social engineer is good that is.

    U guys read Kevin Mitnick’s “The Art of Deception”– Brilliant book with loads of examples on conning!! My icon as far as social engineering is concerned

  6. Pantagruel June 7, 2008 at 7:17 pm #


    I Read Kevin Mitnick

  7. d347hm4n June 8, 2008 at 10:08 am #

    Unfortunately the people that will fall for this type of social engineering attack will not be reading the darknet.