So you thought you knew all about phishing? Brace yourself to counter a new voice-based scam.
Just when we had learnt not to open e-mails from anyone we did not know, or click on links in e-mails with unfamiliar websites, now comes a new technology threat aimed at getting personal information for fraudulent purposes.

Vishing, as it is called, is the use of voice-over-internet protocol (VoIP) telephone calls to obtain credit card information from unsuspecting consumers.

Vishing scammers work on the assumption that people consider a phone message more credible than an e-mail request to provide credit card or account information.

"We had the first vishing scam earlier this year. An e-mail asking the user to call a 1-800 number set the ball rolling for vishing and we have also had the first vishing attempt over SMS," says Patrick Runald, senior security specialist, F-Secure Corporation. While vishing is an emerging threat, it's still far less common than normal phishing.

Internet telephony made an appearance four years ago in India and has seen a steady momentum since then. VoIP usage, which was recorded at 56 million minutes during the third quarter of 2005-2006, registered a sharp increase to almost a billion minutes during the last quarter.

Although the average international long distance (ILD) telephony market usage stands at a little over 600 million minutes per quarter, this is fast increasing thanks to popular VoIP applications like Skype.

There are mainly two kinds of VoIP services: phone-based and computer-based. These services allow you to make phone calls using either your regular phone or a computer headset with a microphone, respectively.

"Although only a few vishing scams have been reported, it would appear criminals are at least in the experimental stage and are learning how best to combine VoIP technology with social engineering techniques to gain maximum return on their exploits," feels Yugal Sharma, country manager (India & SAARC), Polycom.

As with phishing scams and other exploits attempting to defraud people, creating awareness and educating consumers will prove important in minimising the losses due to vishing attacks, he adds. Future attacks, warn experts, will only get more sophisticated and will use menu systems and professional-quality recorded voices that better mimic real bank systems.

At present, a VoIP user gets an e-mail telling them about strange activity on their account and that they need to call a specified number to verify the account details or get more information. Once they call, they either end up at a fake telephone bank or end up talking to a real person who asks for their card details and PIN codes to verify who they are.

"We have also seen cases where the user is actually forwarded to the real telephone bank once the bad guys have stolen the information they need," shares Runald. A simple solution that F-Secure deploys is to filter out the e-mails that ask the users to call a specific number.
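
A sketch of the kind of e-mail filter described above, added here as an illustration and not F-Secure's code: it flags a message only when account-alarm wording appears together with a phone number the reader is urged to call. The regexes, the `WINDOW` size, the function names and the sample messages are all assumptions made for this example.

```python
import re
from email import message_from_string

# Assumption: North American number formats, including toll-free "1-800" style.
PHONE_RE = re.compile(r"(?<!\d)(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}(?!\d)")
CALL_RE = re.compile(r"\b(?:call|dial|phone|telephone|ring)\b", re.I)
LURE_RE = re.compile(r"\b(?:account|card|pin|verif\w+|suspend\w*|compromised|unusual|strange)\b", re.I)
WINDOW = 120  # characters of context inspected on each side of a number

def message_text(raw):
    """Subject plus every text/plain part of an RFC 5322 message."""
    msg = message_from_string(raw)
    chunks = [msg.get("Subject", "")]
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            data = part.get_payload(decode=True) or b""
            chunks.append(data.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def callback_lures(raw):
    """Return digits of numbers the message urges the reader to call about an account problem."""
    text = message_text(raw)
    lure_terms = {m.group(0).lower() for m in LURE_RE.finditer(text)}
    if len(lure_terms) < 2:          # needs at least two distinct account-alarm terms
        return []
    hits = []
    for m in PHONE_RE.finditer(text):
        context = text[max(0, m.start() - WINDOW): m.end() + WINDOW]
        if CALL_RE.search(context):  # a call-to-action sits next to the number
            hits.append(re.sub(r"\D", "", m.group(0)))
    return hits

# Constructed sample messages (not real traffic).
VISH = ("Subject: Unusual activity on your account\n\n"
        "We have noticed strange activity on your credit card account.\n"
        "To verify your details, call 1-800-555-0142 immediately.\n")
COLLEAGUE = ("Subject: Lunch on Friday\n\n"
             "Call me on 212-555-0187 if you are running late.\n")
STATEMENT = ("Subject: Your card statement is ready\n\n"
             "Your account statement for this month is now available online.\n")

if __name__ == "__main__":
    for name, raw in [("VISH", VISH), ("COLLEAGUE", COLLEAGUE), ("STATEMENT", STATEMENT)]:
        print(name, callback_lures(raw) or "clean")
```

A genuine bank notice that prints its helpline will match too, so a hit is better used as a signal for quarantine or review, with the extracted number compared against the institution's published contact numbers.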

And this is not the end. Another fast emerging threat to VoIP networks and users is SPIT, or Spam over Internet Telephony. SPIT is the VoIP equivalent of e-mail spam: unwanted, unsolicited marketing and junk e-mail. What can it do? Spammers can literally clog your voice mailbox with junk messages, causing both inconvenience and irritation.

"Because it concerns voice which typically takes up more bandwidth than data, network speeds are also likely to be affected," explains Sharma.

The next time you hear, "Welcome to account verification," try and find out if it is a "welcome" or a "vish".

VISHING ATTACK

A person receives a call and a recorded voice says that his credit card information has been compromised. He is asked to immediately call the identified number.

The person calls that number. Another recorded message identifies the service as the account verification service and requests the caller to enter his account number. The person has now become a victim of the scam.

The hackers use a technique called "war dialing", a telephone equivalent of mass mailing. This allows the hackers to make hundreds of telephone calls in a short period of time, all at the expense of the victim!