Secure Computing Warns of Vishing

BRACKNELL, U.K. -- Secure Computing Corporation (NASDAQ: SCUR), the experts in securing connections between people, applications and networks™, today warn that familiar phishing attacks have now evolved into phone scams. Secure Computing engineers have been tracking news group sites and open disclosure discussion groups that have been buzzing with talk about a new technique called “vishing.” This new method exploits the low cost of VoIP and combines it with the social engineering aspects of phishing to extract financial information from unsuspecting credit card and banking customers.

The scam is a telephone based version of phishing, hence the name vishing. This new technique enables cybercriminals to harvest details of the 3 digit CVV security code, expiration date and other essential ID information in addition to the customer’s card and account numbers. Paul Laudanski of CastleCops suggests that the visher used a stolen identity to set up a digital voice-response system through an Internet phone company. It's also possible that the phone number listed in the vish is routing calls to another number which could be anywhere in the world.

“Consumers need to be made aware of this new threat as it hits the UK,” said Paul Henry, vice president of strategic accounts for Secure Computing. “Like most other social engineering exploits, vishing relies upon the ’hacking’ of a common procedure that fits within the victim’s comfort zone. Specifically, this methodology takes advantage of what has become a normal practice for US credit card users. It is a normal procedure when calling a credit card provider to be asked to enter your 16-digit credit card number before given the opportunity to speak to a credit card representative. Consumers need to be extra vigilant when giving out their information on the phone.”

Secure Computing Corp. (Nasdaq: SCUR)