‘Untraceable’ Phone Frauders Vishing for Credit Cards


Vishing, now there’s a new term for you. Basically it’s phishing – but utilising VoIP call services, which makes it very easy to spoof the Caller ID.

Even though Caller ID spoofing was made illegal in the USA, people will continue to do it; remember, the FCC said it’s still easy to spoof caller ID. As always, this scam includes some social engineering; after all, it’s not that easy to get people to give up their important info over the phone.

Scams involving email and fake banking websites may get all the attention, but a recent rash of fraudulent phone calls shows criminals haven’t given up on more traditional tools for tricking people into surrendering credit card numbers and other sensitive information.

The calls begin with a recording that makes a tempting offer – usually for a lower credit-card interest rate or an extended car warranty – and then invite the caller to speak to a live agent. The agents then ask for information including the credit card number and expiration, name, address, and in some cases social security number and other data. Recipients who have fallen for the ploy report finding charges as high as $900 on their credit card.

So be careful, don’t be tempted by lower credit card rates or any kind of nonsense offers that you receive from strangers. Honestly I don’t believe any readers of Darknet would fall for this kind of thing, but as always, educate those who aren’t so savvy and you are doing your part.

The surge of calls comes as security researchers report an up-tick in so-called vishing attacks, which use VoIP, or voice over IP, to trick people into turning over banking credentials and other sensitive data. Last fall, more than 12,000 people in Texas were targeted in a scam that attempted to capture their account details for eTrade and two local banks, according to a recent report from iSIGHT Partners.

Vishers typically set up demo accounts with one of the many VoIP providers, carry out their attack and then move to another provider. The attacks observed in the report were different from the recent scam, however. They typically rely on emails that encourage recipients to call an automated number and manually enter their account information.

It’s worrying, people are getting spammed, scammed and phished from every direction now. All these frauds and spammers are making technology more complex and polluting the Internet with stuff like CAPTCHAs.

I guess it’s here to stay though, so we have to accept it and deal with it as best we can.

Source: The Register

Posted in: Social Engineering, Spammers & Scammers


7 Responses to ‘Untraceable’ Phone Frauders Vishing for Credit Cards

  1. razta June 4, 2008 at 8:57 am #

    The guy who lost $900, he’s either really stupid or has more money than sense and simply didn’t care.

    I had a guy social engineer me the other week! I had just woken and was taking the bins out, a male and female came walking over smartly dressed and looked very professional, the guy flashed his wallet at me and said “Police”, I didn’t quite see the wallet because he did it so fast, however I did not want to argue with a possible policeman as I’d just woken up. He then asked me for the security code for my building and I gave it to him, only later did I realise I’d been had.

    More than likely he was a debt collector. I thought I would never get social engineered, just goes to show.

  2. Jinesh Doshi June 5, 2008 at 8:06 am #

    I agree with razta that guy has to be a real fool to give away details on phone.

  3. BMX guy June 6, 2008 at 9:21 am #

    @razta – that is the best way, take someone by surprise. Got myself into a very similar thing a couple of times, but after some training managed to stop myself from giving people vital information. Doesn’t work every time, but at least “most of the time” is better than nothing. We’re only human.

  4. Pantagruel June 6, 2008 at 12:44 pm #

    @razta

    Always argue with a so-called ‘official’; most social engineers will try to pose as an ‘official’ of some sort (police/traffic warden/meter man/cable guy). A true ‘official’ will allow you to scrutinize his/her ID, if the so-called ‘official’ refrains from doing this or simply replies ‘I already showed you my ID’ you can safely use the fifth and give him/her the silent treatment.

    Had a similar thing some days ago, some ‘supposedly’ security type of guy was ‘performing’ ticket checks in our subway. He was quite aggressively asking for identity papers to verify card holder name/photograph. Many people simply complied and only a few objected and/or demanded to see some kind of proof of his identity/function. I declined simply because they always operate in groups and have police support. The guy threatened with a fine and to call in the police to arrest me. When I told him to be my guest he got out at the next stop, clearly a fake.

  5. Navin June 7, 2008 at 6:15 am #

    As BMX guy pointed out, we’re only human!! There was this quote I’d read on some newbie’s “hacking” site. The site was lame but the quote made sense – “Servers don’t make mistakes, humans do”.

    It’s silly when U tell someone about such stuff but at the time U’re getting phished U don’t really figure what’s going on…. As long as the social engineer is good that is.

    U guys read Kevin Mitnick’s “The Art of Deception”– Brilliant book with loads of examples on conning!! My icon as far as social engineering is concerned

  6. Pantagruel June 7, 2008 at 7:17 pm #

    @Navin

    I Read Kevin Mitnick

  7. d347hm4n June 8, 2008 at 10:08 am #

    Unfortunately the people that will fall for this type of social engineering attack will not be reading the darknet.