Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: Fraudulent ATM Reactivation Phone Calls. - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Fraudulent ATM Reactivation Phone Calls.

Thanks to our reader Glenn for alerting us of this scheme: He received an automated phone call, telling him that his ATM card has been deactivated. The system then offered him to re-activate it. He didn't fall for it, and instead called his bank. His bank told him that they had multiple reports like that, and the calls are false.

Lessons learned:

  • first of all, the bank should somehow identify itself by telling you something only they know. Your account number maybe?
  • better: call them back at a listed number. Do not ask them what number to call. Usually, the fraudsters will use an automated system to call you, not a human (but they may).
  • never provide confidential information like account numbers, social security numbers, PINs, passwords over the phone.

This event reminds me of one result our web-application honeypot project yielded so far: Attackers are actively looking for open VoIP web based admin interfaces like asterisk/trixbox/freepbx. Don't forget to secure them with passwords AND limit admin access to machines from your IP address space. It is likely that compromissed VoIP systems are used to launch these attacks.

 

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute

I will be teaching next: Intrusion Detection In-Depth - SANS Boston Summer 2019

Johannes

3576 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!