Vishing

Vishing is the criminal practice of using social engineering and Voice over IP (VoIP) to gain access to private personal and financial information from the public for the purpose of financial reward. The term is a combination of "voice" and "phishing". Vishing exploits the public's trust in landline telephone services, which have traditionally terminated in physical locations that are known to the telephone company and associated with a bill-payer. The victim is often unaware that VoIP allows for caller ID spoofing, inexpensive, complex automated systems, and anonymity for the bill-payer. Vishing is typically used to steal credit card numbers or other information used in identity theft schemes from individuals.

Vishing is very hard for legal authorities to monitor or trace. To protect themselves, consumers are advised to be highly suspicious when receiving messages directing them to call and provide credit card or bank numbers. Rather than provide any information, the consumer is advised to contact their bank or credit card company directly to verify the validity of the message.

There is technology that monitors all PSTN-based traffic and can identify vishing attempts from patterns and anomalies in call activity. One example is multiple calls from a limited set of Skype numbers to call centers.
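The pattern described above, many calls from a small set of source numbers to call-center lines, can be checked with a sliding-window count over call detail records. The following is an added example, not part of the original article or of any product it alludes to; the record format, phone numbers, window and threshold are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed set of monitored call-center lines (constructed values).
CALL_CENTER_NUMBERS = {"+15550100", "+15550101"}

def parse_cdr(line):
    """Parse one record: 'ISO timestamp,caller,callee,duration in seconds'."""
    ts, caller, callee, duration = line.strip().split(",")
    return datetime.fromisoformat(ts), caller, callee, int(duration)

def find_bursts(lines, window=timedelta(minutes=10), threshold=4):
    """Map each caller that reaches `threshold` calls to call-center lines
    inside any sliding `window` to its peak call count in a window."""
    recent = defaultdict(deque)   # caller -> timestamps still inside the window
    flagged = {}
    for ts, caller, callee, _ in sorted(parse_cdr(l) for l in lines):
        if callee not in CALL_CENTER_NUMBERS:
            continue              # only traffic to monitored lines counts
        q = recent[caller]
        q.append(ts)
        while ts - q[0] > window:     # drop calls older than the window
            q.popleft()
        if len(q) >= threshold:
            flagged[caller] = max(flagged.get(caller, 0), len(q))
    return flagged

def flagged_share(lines, flagged):
    """Fraction of all call-center calls placed by the flagged callers."""
    calls = [c for _, c, callee, _ in map(parse_cdr, lines)
             if callee in CALL_CENTER_NUMBERS]
    return sum(c in flagged for c in calls) / len(calls) if calls else 0.0

def build_sample():
    """Constructed records: two noisy sources, eight ordinary callers, and
    one busy caller to an unmonitored number."""
    t0 = datetime(2024, 1, 8, 9, 0)
    at = lambda m: (t0 + timedelta(minutes=m)).isoformat()
    rows = [f"{at(2 * i)},{src},+15550100,40"
            for i in range(6) for src in ("+15550901", "+15550902")]
    rows += [f"{at(7 * i)},+1555020{i},+15550101,300" for i in range(8)]
    rows += [f"{at(i)},+15550300,+15550999,60" for i in range(5)]
    return rows

if __name__ == "__main__":
    sample = build_sample()
    hits = find_bursts(sample)
    print(hits, flagged_share(sample, hits))
```

A high share of call-center traffic coming from only a few flagged numbers is the "limited set" signal; the per-caller count alone would also fire on a legitimate customer who redials repeatedly.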

Example

1. The criminal configures either a war dialer to call phone numbers in a given region or accesses a legitimate voice messaging company with a list of phone numbers stolen from a financial institution.
2. When the victim answers the call, an automated recording, often generated with a text-to-speech synthesizer, is played to alert the consumer that their credit card has had fraudulent activity or that their bank account has had unusual activity. The message instructs the consumer to call the following phone number immediately. The same phone number is often shown in the spoofed caller ID and given the same name as the financial company they are pretending to represent.
3. When the victim calls the number, it is answered by automated instructions to enter their credit card number or bank account number on the keypad.
4. Once the consumer enters their credit card number or bank account number, the visher has the information necessary to make fraudulent use of the card or to access the account.
5. The call is often used to harvest additional details such as security PIN, expiration date, date of birth, etc.

(In a common variation, an email "phish" is sent instead of war-dialing: the victim is instructed to call the following phone number immediately, and credit card or bank account information is gathered.)

See also

* Phishing
* VoIP spam

External links

* vnunet.com story: [http://www.vnunet.com/vnunet/news/2160004/cyber-criminals-talk-voip Cyber-criminals switch to VoIP 'vishing']
* BBC News story: [http://news.bbc.co.uk/1/hi/technology/5187518.stm Criminals exploit net phone calls]
* The Paper PC: [http://paperpc.blogspot.com/2006/10/messaging-security-2006-vishing-next.html Messaging Security 2006: Vishing: The Next Big Cyber Headache?]
* The Register: [http://www.theregister.co.uk/2008/01/21/fbi_vishing_warning/ FBI warns over "alarming" rise in american "vishing"]

Wikimedia Foundation. 2010.
