The cybercrime underground is a vast and seedy warehouse of tricks and tools — a magic shop for miscreants. In his endless digging into that dark world, noted researcher Brian Krebs found a spam service that crooks can purchase to tie up a land line or mobile phone while robbing its owner.
The service, Krebs said, enables crooks to launch denial-of-service attacks against phone lines, flooding them with an automated barrage of rapid-fire calls that will prevent their owners from properly using their phones.
If you get caught in a tornado of phony phone calls, it's likely that your online banking credentials are at risk, the FBI says.
While the FBI warned about this more than a year ago, the spam service came to light again this month, when, amid widespread protests against Russian Prime Minister Vladimir Putin, pro-Putin parties drowned out dissenters' voices by paralyzing their phone lines with a recorded voice repeating: "Putin is life. Putin is light. Without Putin, life has no meaning. Putin is your protector. Putin is your savior."
[Cybercriminals Create Online Traffic James to Cover for Bank Heists]
The phone spam service costs $5 an hour, or $40 a day, Krebs said, and each call appears to come from a different phone number.
The FBI said the calling attack is actually a diversionary tactic to cover for a much more serious offense.
Months before they hit the victim with the phone jam, crooks typically use social engineering or phishing attacks to siphon victim's bank account numbers and passwords. When it's time for the heist, the crooks will set the phone attack in motion and pose as the customer to make the withdrawal. The bank, noticing unusual activity on the account, will attempt to contact the customer but will be unable to get through. By the time the robbery is finished and the phone calls stop, the damage has been done.
"The easy availability of this criminal offering highlights once again how nearly every aspect of the cyber underground has been converted into a service for hire," Krebs wrote.
If you find yourself caught up in this phone spamming attack, immediately notify your bank that someone is tampering with your account.