Criminals are putting a new voice to the traditionally anonymous world of online crime.
Scammers have taken to making calls via Skype — the popular Voice over IP (VoIP) calling software — and attempting to scare victims into downloading and installing rogue antivirus software, Brian Krebs wrote this week on his Krebs on Security blog.
Skype has more than 600 million users and, like other VoIP services, is very inexpensive, giving criminals an enticing new pool from which to draw.
Skype can also be used to call landlines or mobile phones, meaning no matter where you are, a fake bank could put you in real danger.
Unfortunately this isn’t the only way scammers are making their voices — or at least their text messages — heard.
Smishing and vishing
Several recent reports have highlighted the dangers of “smishing” scams, which send unsolicited text messages telling recipients they need to contact their bank immediately.
The victim is asked to call a toll-free number included in the text and provide their account information and password to an automated voice-response system. The problem is that neither the SMS nor the number to be called have anything to do with the bank.
A variant called "vishing" is even sneakier — it uses pre-recorded "robocalls" instead of SMS to contact victims.
To the security-conscious, these ploys are easily thwarted by simply deleting the message and calling or visiting your bank branch to see if there is indeed a problem.
“If people fall for these scams, it is because they haven't learned to be as suspicious of strange texts as they may be of random phone calls or emails asking for information,” Krebs told SecurityNewsDaily.
Would you fall for this? Maybe not, but the scams are working.
More security news from MSNBC Tech & Science
How crooks fake an ATM and steal your money
There's no dearth of sophisticated gear for the aspirational ATM thief. But skimmers don't exactly have an aisle at Wal-Mart. Gizmodo takes a look at the scary Internet black market where fraudsters get their tools — or get swindled themselves.
- Man pleads not guilty to running vast spam network
- Charles Manson had cell phone under mattress
- NYT: China hacked Google, leaked cables say
- How crooks fake an ATM and steal your money
Where there's a scam, there's a victim
Last month a smishing scam spread through the campus of the University of Kansas at Lawrence, notifying students that the campus would be closed, Kansan.com reported.
In order to receive the full alert, recipients were asked to call a number and give their personal information to an automated system that in fact had nothing to do with the school.
Similar money-hungry smishing scams hit Fort Myers, Fla., and Wichita Falls, Texas, in late February.
Roel Schouwenberg is a senior antivirus researcher at the security firm Kaspersky Lab. He told SecurityNewsDaily that smishing scams are “a serious threat,” and can be hard to detect on smartphones and mobile devices because “the limited resolutions on screens — and basic browsers — make it much harder to spot a fraudulent website.”
Schouwenberg said the devious nature of smishing and vishing scams grew out of traditional email phishing scams that have been around for decades.
Fake banks, real problems
“A couple years back I saw a case in the Netherlands where the bad guys had gone as far as renting office space for their scam,” Schouwenberg said. “Victims were sent emails with information on the ‘new office’ complete with a special phone number. The office was completely branded as the targeted bank, complete with desk clerks and fake customers.”
To stay safe, experts recommend approaching unsolicited messages with a healthy dose of skepticism.
“Be wary of unsolicited communication from your bank,” Schouwenberg told SecurityNewsDaily. “When you suspect something is wrong, tell the person on the other line that you're going to contact the bank directly. Regardless of the communication method they used — phone, SMS or email — simply use the contact information that's on your debit [or ATM] card."
- Cybercrime Blotter: High-Profile Hacks of 2011
- Glue-Toting Thieves Stick It to ATM Users
- Tips for Avoiding eCommerce Consumer Fraud
© 2012 SecurityNewsDaily. All rights reserved