Site Sponsor:

mcafee_logo.gif
line

Now Available:

Featured Resource:

line

Realtime Communities

line

Newsletter

Email Address:


line

Monthly Archives

line

RSS

line

Ask the Expert

Have a question for our resident expert? Email your questions to Dan or post a comment to the blog.

« Google Chrome Vulnerabilities | Main | The Benefits and Risks of Social Networking »

Vishing Attacks Becoming More Realistic

Last summer we posted an article The Basics of Vishing on the social engineering scam technique that uses VoIP. Now SANS is reporting on some new techniques that make vishing attacks even more realistic.

For example, vishers are recording snippets from the target company using them in the vishing lure. Since VoIP caller IDs can be spoofed, its a good idea to verify the company number. Vishers are on top of this one too according to SANS by:


1. Using search engine optimisation (SEO) poisoning techniques to position the fake phone numbers associated to legitimate organisations on top of search engines.
2. Encouraging the victim (through the initial fake e-mail) to call the fake number.

Websense found these techniques in use in China. This isn't the first time vishers have used a combination of technologies to appear more legitimate. Last spring Brian Krebs reported on a vishing scam that used a combination of Web hacking and cell phone texting.

Tags:            
 Email This!  Digg it!  Sphere it!  Del.icio.us  Reddit!  Newsvine

Posted by Dan Sullivan on September 8, 2008 7:48 AM |

TrackBack

TrackBack URL for this entry:
http://www.realtime-websecurity.com/type/mt-tb.cgi/835

Post a comment

(All comments are approved by site leader before appearing here. Thanks for commenting!)

Search

line

Most Active Posts

line

Library Resources

line
line

Recent Posts

line

Categories

line

Latest White Papers

line

Blog Roll

line

Dan Sullivan's Bio:

Dan Sullivan is a systems architect with 20 years of IT experience that includes engagements in enterprise security, application design, and systems architecture. His experience includes a broad range of industries, including financial services, manufacturing, government, retail, gas and oil production, power generation, and education. Dan’s security-related project work has ranged from requirements analysis for enterprise information security to designing and implementing security for database applications and enterprise portals. Dan has written about information security and other enterprise information management topics for Business Security Advisor, DM Review, Intelligent Enterprise, and E-Business Advisor. You can contact Dan at: dan_sullivan@realtimepublishers.net