Beware the 'vishing' well: phone gangs have your number
The new hi-tech fraud targets those who make internet calls
Sunday 06 August 2006
When one door closes, another one opens - or at least that's the way it seems for the fraudsters in our midst.
Just as the banks start to get a grip on the cloning of credit cards - by protecting customers with chip and pin - computer-literate conmen have found another rich seam to mine: internet telephony.
It appears criminals are now targeting the users of Voiceover Internet Protocol (VoIP), the technology that allows free phone calls on the web. Their hi-tech crime is known as "vishing" - a variation on the "phishing" scam, in which people are duped into divulging their bank details by emails claiming to be from their bank. In this case, however, the victims are pursued through VoIP.
"While internet users have been educated to recognise and delete phishing emails, VoIP users are more likely to be trapped by so-called vishing messages simply because they are not aware of this problem," warns Dave Axam, spokesman for future voice products at BT.
With VoIP, as long as customers are with the same provider, they can call one another over the internet for nothing - even if they are on the other side of the world and provided they can get a broadband connection on their computers. Phone calls from computers to landlines via VoIP are also available at much cheaper rates than ordinary landline calls.
More than half a million "early adopters" are already making the most of VoIP in the UK, but as mainstream companies start to offer the technology - Tesco is now in the market, alongside established players such as Skype and Vonage - its popularity is set to grow still further. Up to three million people are expected to be regular users within a couple of years.
But partly because the technology is so new, fraudsters are finding it easy to target customers.
"VoIP users may never have heard of vishing," explains Kim Gilmour, senior researcher for Computing Which?, the technology arm of the consumer body. "When they get a call over VoIP claiming to be from their bank, they can be easily fooled."
There are two main ways in which criminals are attacking VoIP users.
The first is to send a phone message or email, ostensibly from the person's bank, via their VoIP phone. The message claims that the victim's credit card has been used illegally and gives a phone number for them to call to verify bank details.
"It's the phone number that will trick many people into calling back," says Mr Axam at BT. "VoIP has the capability of assigning a geographic number to any area, so you could be in another town or country but have an 0207 number, which seems to indicate that you are in London."
This is known as a "spoof" number.
"People see the number, think the call has come from their bank, and call up," Mr Axam continues. "They are then linked to an automated voice response, which asks them to confirm their banking details. This is where the data that can be used by criminals is captured; people answer the questions without thinking."
The other way in which criminals are using VoIP involves software called a "war dialler", which can enable a hacker to make large numbers of calls at the same time. Any calls that are answered by VoIP users link directly to an automated voice response, which once again asks for bank details.
Just as unwanted emails are known as spam, these unwanted phone messages are termed "spit".
Although companies providing VoIP in the UK say they have not yet been alerted by their customers to any vishing attacks, they are aware of the problem.
"Some of the bulletin boards have been discussing it recently, so it is obviously something that we have to watch out for," says Mr Axam.
And there are concerns that as VoIP enters the mainstream, fraudsters will bombard users with these messages because it can be done at no cost. Some providers block outgoing caller IDs on their VoIP communications, which means users cannot be "spoofed" by rogue messages. Babble and Skype are two that currently do this; with other providers, there is no way of knowing if an incoming call is from a legitimate source. Companies are also developing spit filters, which will work in the same way as email spam filters.
As a VoIP user, there are some simple steps you can take to protect yourself. Most of the advice is common sense and very much along the lines of that given to combat phishing.
If you get a call from a number or caller ID you don't recognise, then let it go to your voicemail. This way, you can give yourself time to think about whether you want to respond to it.
Just as you would refuse to disclose personal information in response to an unsolicited email from your bank, you should not respond to a similar request made in an unsolicited phone call. Any call asking for your credit card or bank account number or your passwords could be bogus; you should never reveal your banking details unless you can be absolutely certain who you are revealing them to.
The best action is to end the call and phone your bank on the official number on the back of your credit card or bank statement. Report any attempts at vishing to your bank, and also inform your VoIP provider.
- 1 Thailand deaths: Pair's bloodied bodies found naked on Koh Tao beach
- 2 Scottish independence: Ireland since 1919 is a lesson for Scotland in what a Yes vote means
- 3 Daniele Watts: Django Unchained actress detained by Los Angeles police after being mistaken for a prostitute
- 4 Kanye West stops concert after two fans don't stand up - doesn't realise one is in wheelchair and the other disabled
- 5 QS university world rankings: Imperial College London leapfrogs Oxford to join Cambridge as best British university
Daniele Watts: Django Unchained actress detained by Los Angeles police after being mistaken for a prostitute
The political class is doing what Hitler couldn’t – destroying Britain
Scottish independence: Nationalist leader Jim Sillars threatens pro-union companies with 'day of reckoning' after independence
Scottish independence: Yes campaign feels the heat as Alex Salmond's NHS claims come under furious attack
Portuguese academic says British are 'filthy, violent and drunk'
£23m Birmingham cycle scheme is attacked by Tory councillor for not catering to the elderly
iJobs Money & Business
£20 - 24k (Uncapped Commission - £35k Year 1 OTE): Guru Careers: We are seekin...
£20 - 24k + Benefits: Guru Careers: This is a great opportunity for an enthusi...
£280 - £320 per day: Ashdown Group: The Ashdown Group have been engaged by a l...
£400 - £450 Per Day: Clearwater People Solutions Ltd: **URGENT CONTRACT ROLE**...
Day In a Page
A first-floor flat with two bedrooms, a spacious reception room and communal grounds in a leafy part of London
A three-bedroom flat with a spacious rootop terrace and balcony, accessed from a private gated courtyard
A Grade II-listed pile with six bedrooms, stables and 39 acres of grounds in Standlake
A two-bedroom flat with boutique hotel-style interiors, close to the foodie haunt of West End Lane
A two-bedroom flat in a beautiful old vicarage, with many original features, close to the city centre
A three-bedroom 16th-century home with an aga kitchen, private gardens and heated outdoor pool, in Hadleigh
A three-bedrom home in sought-after Queen's Gate Mews, with Italian marble-finished bathrooms
Surrounded by glorious countryside in the village of Udimore, sits this impressive four-kiln oast and barn conversion
A five-bedroom house in the picturesque village of Kettlewell, north Yorkshire
An 18th-century former coaching inn with original staircase, open fireplaces and beams throughout
A Grade II-listed Georgian town house with three bedrooms and a south-facing courtyard, near Arundel Castle
Feel on top of the world at this über chic penthouse on the 37th floor of one of Europe’s tallest blocks.
A Grade II-listed Victorian villa with six bedrooms and two further cottages, all with spectacular sea views
A grade II-listed, Georgian cottage with mature 50ft garden, perfect for summer entertaining
A magnificent Georgian pile with turrets, seven bedrooms, a heated pool and four acres of gardens
Fairoak Farm has five bedroom suites, gym, outdoor swimming pool and golf course
Chic two-bedroom river-fronted flat with a private lift that delivers you directly to your home
A spectacular seven-bedroom Tudor pile, once owned by Henry VIII, with 18 acres of land
A seven-bedroom Georgian property previously used as a picturesque wedding venue
A split-level flat in a church conversion with two en suite bedrooms and 1,200sq ft of living space
A three-bedroom bungalow situated behind an impressive stone wall, £645,000
Windsor Castle overlooks this three-bedroom Victorian cottage located on one of Windsor's smartest roads
Chapel House is a former vicarage with nine bedrooms in the beautiful Upper Wye Valley
A five-bedroom B&B and separate owner's accomodation with potential for conversion
Enjoy summer by the Thames in this two double-bedroom converted warehouse in Rotherhithe village
A one-bedroom, luxury apartment with private gym and concierge service in Moorgate
A four-bedroom house in Hermitage Gardens with three reception rooms and landscaped gardens
A seven-bedroom Grade II-listed property with a separate self-contained apartment
A five-bedroom Victorian house with three reception rooms and galleried landing, £695,000
A six-bedroom farmhouse with five acres of land in a former cloth-making village
A secluded seven-bedroom detached house with large private garden, £490,000
A three-bedroom cottage overlooking Sarratt village green with open fires and solid oak floors
A three-bedroom maisonette flat in a Grade I-listed, Georgian townhouse in a sought-after location
A one-bedroom apartment located within a private gated development, north of Turnham Green
Look forward to a brighter future at two-bedroom Sunny Cottages, ideal for Londoners looking to downsize
A three-bedroom red-brick cottage with outbuildings and pretty gardens, £200,000
This three-bedroom flat within a former textile factory spans the corner of the fourth floor and has a balcony