PHISHING goes LOW TECH
Chances are you are seeing more and more stories about phishing with a twist: using the telephone to collect the victim’s personal data. You may even have experienced such activities yourself. We have been seeing this type of activity for some time and have personally experienced a similar scam, but with a different spin.
Where phishing typically involves a bogus website and email, we have coined the phrase PHRAMING for this new type of fraudulent scam. It involves low-tech manipulation with high-tech VOIP services and a possible website. You can read more here
The scam basically works like this. The fraudster sets up a VOIP account to have people call in. They mail (yes, snail mail) bogus postcards or letters to victims and have them call the telephone number. Once the victim calls the telephone number, the victim provides all the typical information needed to validate an account. In the meantime, the fraudster collects what is needed and the victim is assured things are fine based on the validated information. The sad part is that the victim is completely unsuspecting that anything fraudulent occurred, since they personally called the telephone number rather than receiving a call. It is also more reassuring that the inquiry came via the mail.
Based on simple marketing metrics for response rates, the numbers will add up for a fraudster to spend the money to mail the letters.
Here’s a personal overview of what happened to me. I received a letter in the mail from a major retailer who is an issuer. It asked me to call to validate changes to my account. The retailer's addresses did not look right compared to where the standard retailer addresses were registered. I went to the retailer's (issuer’s) website and searched for both the physical and mailing address along with the telephone number I was supposed to call. NONE on the website matched what was on the letter.
I then called the customer service number from the website and spoke with an agent. I inquired as to what changes were on my account that needed validation. They did not know and claimed that they were using a bank as their issuer and service provider, so the bank likely knew the changes. I then explained why I was calling, and the voice went silent when they realized how simple and effective the scam can be. I won’t go into any more details as to how the retailer followed up, but you get the idea.
There are solutions for retailers, issuers, and service providers to follow, and we can help develop and implement a strong program that includes the web, call centers, mail, and marketing activities to cover all aspects of information protection and uniform communications tools. You can find more information here: http://jcogroup.com/phraming
Jeremy Drzal
Please see www.jcogroup.com for more information, or you can contact me directly at 512.246.9301 to discuss how I can help you with a business or technology consulting project.
