SANS ISC: InfoSec Handlers Diary Blog
Fraudulent ATM Reactivation Phone Calls.

Published: 2008-10-20
Last Updated: 2008-10-21 00:02:49 UTC
by Johannes Ullrich (Version: 1)

Thanks to our reader Glenn for alerting us to this scheme: he received an automated phone call telling him that his ATM card had been deactivated, and the system then offered to reactivate it for him. He didn't fall for it and instead called his bank, which told him it had received multiple similar reports and that the calls were fraudulent.

Lessons learned:

  • First of all, the caller should authenticate to you, not the other way around: a legitimate bank can tell you something only it knows before asking you for anything. An account number is a weak choice, since it is printed on every statement and cheque, but even that is more than these automated calls offer.
  • Better: hang up and call the bank back at a number you already have, from the back of your card or a statement. Do not ask the caller what number to use. Fraudsters usually use an automated system rather than a live person, but a human on the line is no guarantee either.
  • Never provide confidential information such as account numbers, Social Security numbers, PINs or passwords over the phone to someone who called you.

This event reminds me of one result our web-application honeypot project has yielded so far: attackers are actively scanning for exposed web-based VoIP admin interfaces like asterisk/trixbox/freepbx. Don't forget to protect them with passwords AND restrict admin access to machines in your own IP address space; a PBX admin panel has no business being reachable from the whole Internet. It is likely that compromised VoIP systems are being used to launch these calls.
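As an added example (not from the original diary, and not any PBX project's shipped configuration), here is what that hardening looks like on an Apache 2.2 httpd fronting a FreePBX-style web interface. The /admin path, the htpasswd file location and the 192.0.2.0/24 management network are assumptions; substitute your own. The two stanzas are alternatives, not to be used together: the first is the open default these appliances often ship with, the second requires both a valid login and a source address in your own range.

```apache
# WEAK: the admin interface answers to anyone who finds the host.
# Shown for contrast only; replace it with the stanza below.
<Location /admin>
    Order allow,deny
    Allow from all
</Location>

# HARDENED (Apache 2.2 syntax): password AND source-IP restriction.
# With "Satisfy All" (also the default) a request must pass both the
# Require and the Allow/Deny rules, so a guessed password from outside
# the management network is still refused with a 403.
<Location /admin>
    AuthType Basic
    AuthName "PBX administration"
    # Assumed path; create it with: htpasswd -c /etc/asterisk/admin.htpasswd admin
    AuthUserFile /etc/asterisk/admin.htpasswd
    Require valid-user

    Order deny,allow
    Deny from all
    # Assumed management network; list your own address space here.
    Allow from 192.0.2.0/24
    Allow from 127.0.0.1

    Satisfy All
</Location>
```

Two caveats: Basic authentication puts the password on the wire merely base64-encoded, so this belongs in an HTTPS virtual host; and the Location rule only governs requests that reach Apache, so anything the PBX exposes on its own listener (Asterisk's built-in HTTP server on port 8088, for instance) needs the same source restriction at the host or edge firewall.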


------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute

Keywords: fraud vishing voip