Vishing is the criminal practice of using social engineering over the telephone system, most often using features facilitated by Voice over IP (VoIP), to gain access to private personal and financial information from the public for the purpose of financial reward. The term is a combination of "voice" and phishing. Vishing exploits the public's trust in landline telephone services, which have traditionally terminated in physical locations which are known to the telephone company, and associated with a bill-payer. The victim is often unaware that VoIP makes formerly difficult-to-abuse tools/features of caller ID spoofing, complex automated systems (IVR), low cost, and anonymity for the bill-payer widely available. Vishing is typically used to steal credit card numbers or other information used in identity theft schemes from individuals.

Vishing is very hard for legal authorities to monitor or trace. To protect themselves, consumers are advised to be highly suspicious when receiving messages directing them to call and provide credit card or bank numbers. Rather than provide any information, the consumer is advised to contact their bank or credit card company directly to verify the validity of the message.^{[citation needed]}

There is technology that monitors all public switched telephone network (PSTN)-based traffic and can identify vishing attempts as a result of patterns and anomalies in call activity. One example is a multiple calls from a limited set of skype numbers to call centers.

Contents 1 Example 2 See also 3 External links 4 References

[edit] Example

1. The criminal configures either a war dialer to call phone numbers in a given region or accesses a legitimate voice messaging company with a list of phone numbers stolen from a financial institution.
2. When the victim answers the call, an automated recording, often generated with a text to speech synthesizer, is played to alert the consumer that their credit card has had fraudulent activity or that their bank account has had unusual activity. The message instructs the consumer to call the following phone number immediately. The same phone number is often shown in the spoofed caller ID and given the same name as the financial company they are pretending to represent.
3. When the victim calls the number, it is answered by automated instructions to enter their credit card number or bank account number on the key pad.
4. Once the consumer enters their credit card number or bank account number, the visher has the information necessary to make fraudulent use of the card or to access the account.
5. The call is often used to harvest additional details such as security PIN, expiration date, date of birth, etc.

(In a common variation, an email "phish" is sent instead of war-dialing - the victim is instructed to call the following phone number immediately and credit card or bank account information is gathered)

[edit] See also

• Phishing
• SMiShing
• VoIP spam

[edit] External links

• vnunet.com story: Cyber-criminals switch to VoIP 'vishing'
• BBC News story: Criminals exploit net phone calls
• The Paper PC: Messaging Security 2006: Vishing: The Next Big Cyber Headache?
• The Register: FBI warns over "alarming" rise in american "vishing"
• Phone Phishing: Phone Phishing - The First Phone Phishing and Scams Report Site

[edit] References

This article needs additional citations for verification. Please help improve this article by adding reliable references. Unsourced material may be challenged and removed. (June 2007)

This crime-related article is a stub. You can help Wikipedia by expanding it. v • d • e

v • d • e Spamming Protocols E-mail Address munging · Bulk email software · Directory Harvest Attack · Joe job · DNSBL · DNSWL · Spambot · Pink contract Other Autodialer/Robocall · Flyposting · Junk fax · Messaging · Mobile phone · Newsgroup · Telemarketing · VoIP Anti-spam Disposable e-mail address · E-mail authentication · SORBS · SpamCop · Spamhaus · List poisoning · Bayesian spam filtering · Network Abuse Clearinghouse Spamdexing Keyword stuffing · Google bomb · Scraper site · Link farm · Cloaking · Doorway page · URL redirection · Spam blogs · Sping · Forum spam · Blog spam · Social networking spam · Referrer spam Internet fraud Advance fee fraud · Lottery scam · Make Money Fast · Microcap stock fraud · Phishing · Vishing