Vishing via VoIP auf dem Vormarsch

abgelegt im Archiv Hintergrund am 19.07.06

Es kommt wie es kommen musste. Mit jeder neuen Technologie entsteht auch neue Kriminalität. Davon bleibt auch der Bereich VoIP nicht verschont. So hat die BBC eine Vielzahl an Beispielen aufgezeigt, wie Kunden via VoIP abgezockt werden können:


Some criminals are now using net phone systems in a bid to make their come-ons look more legitimate and convince people to hand over useful details such as credit card numbers, bank account details or personal information.


The scam has been dubbed "vishing" because, like phishing, its practitioners pose as banks and other financial institutions but use Voice over IP (Voip) technology.


Doch im Grunde genommen handelt es sich um dieselben Maschen wie schon via E-Mail üblich:



One recent con spotted by security firm WebSense put an 0800 number in an e-mail message spammed out to users asking them to call and update their bank details.


On calling the number users hear a recorded voice asking them to enter their account number using the phone's touch pad.


Anti-virus firm Sophos has also come across a combined e-mail and phone scam aimed at net payments service PayPal which also asks people to phone to update or confirm their account information.


Secure Computing has found a more sophisticated scam that avoids e-mail altogether. Instead the criminals behind this scam have programmed computers to dial a long list of phone numbers and play a recorded message to anyone that answers.


The recorded message warns that a person's credit card has been used fraudulently and asks them to enter their card number. Significantly, those responding are also asked for the security number found on the rear of the card.


The scam is lent legitimacy because net phone technology makes it easy to fake the number someone is calling from.


Von derselben Methode berichtet auch My IT Forum:



In a typical case of vishing, customers of a California bank received e-mails informing them that their online banking accounts had been disabled because the bank detected unauthorized access, according to The Wall Street Journal.



The customers were told to dial a telephone number with a local area code, where an automated voice asked them to enter their account numbers, personal-access codes, and other information.



Armed with that data, vishing scammers could access the online accounts and transfer money, or make fraudulent purchases with a stolen credit card number.


Unglaublich aber wahr: Diese Tricks funktionieren anscheinend. Denn:


Already such phishing scams cost consumers an estimated $929 million.


Was also tun, wenn man via E-Mail oder Telefon nach sensiblen Daten gefragt wird? Logisch: Einfach nicht antworten. Denn seriöse Anbieter fragen nie am Telefon oder via E-Mail nach Login-Informationen, Kreditkartendaten etc.


Auf den Punkt bringt es "A Bit of News", dass
Paul Henry von Secure Computing mit den Worten:


Common Sense is the first line of protection


zitiert. In der Tat: Gesunder Menschenverstand sorgt in aller Regel dafür, dass man vor den Attacken der Visher geschützt ist.