Criminals are putting a new voice to the traditionally anonymous world of online crime.
Scammers have taken to making calls via Skype — the popular Voice over IP (VoIP) calling software — and attempting to scare victims into downloading and installing rogue antivirus software, Brian Krebs wrote this week on his Krebs on Security blog.
Skype has more than 600 million users and, like other VoIP services, is very inexpensive, giving criminals an enticing new pool from which to draw.
Skype can also be used to call landlines or mobile phones, meaning no matter where you are, a fake bank could put you in real danger.
Unfortunately this isn’t the only way scammers are making their voices — or at least their text messages — heard.
Smishing and vishing
Several recent reports have highlighted the dangers of “smishing” scams, which send unsolicited text messages telling recipients they need to contact their bank immediately.
The victim is asked to call a toll-free number included in the text and provide their account information and password to an automated voice-response system. The problem is that neither the SMS nor the number to be called have anything to do with the bank.
A variant called "vishing" is even sneakier — it uses pre-recorded "robocalls" instead of SMS to contact victims.
To the security-conscious, these ploys are easily thwarted by simply deleting the message and calling or visiting your bank branch to see if there is indeed a problem.
“If people fall for these scams, it is because they haven't learned to be as suspicious of strange texts as they may be of random phone calls or e-mails asking for information,” Krebs told SecurityNewsDaily.
Would you fall for this? Maybe not, but the scams are working.
Where there's a scam, there's a victim
Last month a smishing scam spread through the campus of the University of Kansas at Lawrence, notifying students that the campus would be closed, Kansan.com reported.
In order to receive the full alert, recipients were asked to call a number and give their personal information to an automated system that in fact had nothing to do with the school.
Similar money-hungry smishing scams hit Fort Myers, Fla., and Wichita Falls, Texas, in late February.
Roel Schouwenberg is a senior antivirus researcher at the security firm Kaspersky Lab. He told SecurityNewsDaily that smishing scams are “a serious threat,” and can be hard to detect on smartphones and mobile devices because “the limited resolutions on screens — and basic browsers -- make it much harder to spot a fraudulent website.”
Schouwenberg said the devious nature of smishing and vishing scams grew out of traditional e-mail phishing scams that have been around for decades.
Fake banks, real problems
“A couple years back I saw a case in the Netherlands where the bad guys had gone as far as renting office space for their scam,” Schouwenberg said. “Victims were sent e-mails with information on the ‘new office’ complete with a special phone number. The office was completely branded as the targeted bank, complete with desk clerks and fake customers.”
To stay safe, experts recommend approaching unsolicited messages with a healthy dose of skepticism.
“Be wary of unsolicited communication from your bank,” Schouwenberg told SecurityNewsDaily. “When you suspect something is wrong, tell the person on the other line that you're going to contact the bank directly. Regardless of the communication method they used — phone, SMS or e-mail — simply use the contact information that's on your debit [or ATM] card."