AT&T Cell Phone Phish
Alan tells us that several AT&T cell subscribers have just received a text message, which instructs them to call a toll-free number XXX-XXX-7649 to resolve a problem with their account. When called, a voice menu harvests their credit card information.
An interesting delivery mechanism for an old-hat phish, which we're all used to seeing in our email inboxes - now bright-shiny-new as a text message - nice find Allan!
Johannes tested this with the 4111 1111 1111 test card number, which the phish menu verified correctly. Subsequent tests indicate that a random 16-digit number is initially accepted by the voice menu, but fails verification at the end of the input process. This indicates that the menu is actually verifying and processing the CC numbers correctly, and is most likely processing (evil) transactions in close to real-time.
A recording of a successful transaction is here ==> http://johannes.homepc.org/scam.mp3
Since first posting this story, we've had reports of similar attacks on Nextel (Sprint) and T-Mobile, and I'm sure the list will grow as more folks report in.
Also since posting this story, the process of taking down the original number has been initiated, but this is still a valuable discussion to have, as it's becoming a more common occurrence.
Don Smith (another ISC handler) has some other interesting diary entries on this here ==> http://isc.sans.org/diary.html?storyid=4507
and here ==> http://isc.sans.org/diary.html?storyid=4180
Always interesting to keep tabs on what evil lurks out there!
Comments
I've also spoken with someone in the local police department (also on Nextel) and they have been receiving the same messages.
There does seem to be a specific timing to the messages - I tend to receive them while driving home and again about 2 hours later, with Friday being especially common.
I wish they'd reset my debit card already. ;)
JJT
Oct 9th 2009
Richard
Oct 9th 2009
Getting the number deactivated can be an adventure, even though most telecomm companies will cooperate since this sort of thing is typically a TOS violation. Some of them can be a bit slow, though.
Jim
Oct 9th 2009