11/23/2014

this is why financial and governmental institutions need a protected range of phonenumbers

"Pindrop Security today warned financial institutions and their customers about a telephone scam they've dubbed the "misdial trap."

 

Fraudsters buy phone numbers similar to legitimate businesses, and pose as that business's customer service line when customers misdial -- not unlike how some fraudsters buy domain names similar to legitimate online businesses and create sites that mimic them, according to Pindrop.

 

The numbers fraudsters typically choose will have the same first six digits as the legitimate business, with only the final digit changed, or they will have the same seven-digit number but a different area code -- a toll-free number area code, for example.When they hook a customer, they pretend they are customer service for the company in question and request sensitive data from customers -- sometimes offering a free gift card in exchange.

 

Some 103 of the 600 financial institutions examined by Pindrop Security were affected by the misdial trap
http://www.darkreading.com/attacks-breaches/misdial-trap-...

just as domainnames should be forbidden to include the household names of banks and other financial services if they aren't operated by them (like mastercard, dexia, etc....)

otherwise the problem of vishing will only increase (phishing by phone)

but don't forget with VOIP it is possible to hijack numbers or to impersonate numbers because the only thing it takes is a server online (which will disappear once the money is taken)

Permalink | |  Print |  Facebook | | | | Pin it! |

The comments are closed.