Phone Scams and Panic Attacks
Here's a somewhat novel social engineering attack, flagged by John Leyden in The Register: a voicemail phishing scam (vishing, if you must) that threatens victims with heavy fines and even imprisonment as a result of their visiting the Wikileaks site. The attacker leaves a message including a number victims are supposed to ring to sort out the "problem", and though the calls have a caller ID, it isn't valid.
Of course, they need not have actually visited the site (and even if they had, it's not illegal to do so, though it may be unwise if you're US military (and therefore banned from accessing it) or if you're using your employer's resources.
I say "somewhat" novel because although I haven't come across a scam that makes this particular misuse of the Wikileaks issue. But of course, many scams work by panicking victims into taking some unwise action, whether it's parting with their credit card details or opening a malicious program, claiming that some problem or illegal action is associated with their computer or IP address, such as transmitting malware or visiting paedophile or other pornographic sites.
So the first take-home message is, don't panic! In fact, beware of any attempt to rush you into action: and that's as useful a rule of thumb when offered unsolicited double-glazing deals as it is when contacted by phoney law-enforcement agencies.
David Harley
2 Responses to “Phone Scams and Panic Attacks”
Leave a Reply
- David Harley (743)
- Randy Abrams (431)
- Cameron Camp (111)
- Stephen Cobb (62)
- ESET Research (56)
- Pierre-Marc Bureau (51)
- Aryeh Goretsky (29)
- Andrew Lee (15)
- Jeff Debrosse (12)
- Robert Lipovsky (12)
- Paul Laudanski (11)
- Sebastian Bortnik (8)
- Dan Clark (6)
- Righard Zwienenberg (6)
- Sébastien Duquette (5)
- Peter Stancik (4)
- Alexis Dorais-Joncas (3)
- Tasneem Patanwala (3)
- Aleksandr Matrosov (2)
RSS
January 20th, 2011 at 12:06 pm
So what happens if you do call the number?
January 20th, 2011 at 2:09 pm
I think you get conned…