Voice Phishing Hits PayPal 191
Chai Vanilla writes "The latest social engineering phishing attack is now using phones instead of fake web sites. Identity thieves have spammed fake PayPal account compromise warnings to lure users into dialing a phone number and giving up credit card information. Unlike normal phishing e-mails, there is no URL or response address. Instead, the e-mail urges the recipient to call a phone number and verify account details."
Not in the VoIP era (Score:4, Interesting)
Got that yesterday... (Score:5, Interesting)
Where can one complain about such fraudulent 1-8xx numbers to get them shut down? Additionally, how much does calling a 1-805 cost in the US, and is any part of the cost passed to the operator?
not surprising (Score:5, Interesting)
There's a small degree of higher risk, but if you get a new disposable cell phone every three days and move around all day you'd be a hard mark to hit.
Too many people are now aware of the "don't click the link" aspect of phishing, but I'm sure there are still pleanty of suckers that assume if they have your phone number you must be legit. I would not be surprised if they find a way to do this through US Mail in a way that hides their identity.
It would be interesting if one day, to get such an online account set up, they make you pass a short test, where they give you ten examples of people asking for your account information in various ways, and you have to answer "give them the information" or "report the incident to phishing.ebay.com". Anyone that answers "give them the information" on any of the questions doesn't get an account.
I wager that alone would eliminate 80% of successful phishes.
Re:Passwords (Score:3, Interesting)
One guy up here was convicted for "hacking" into the local police squad's voicemail system.
Everyone's password was (and I'm not making this up, and its NOT a Spaceballs reference) "1" "2" "3" "4" "5"
For months he listened into all sorts of messages for the detectives, including from informants, wives and girlfriends (nice to be able to blackmail a cop by threatening to tell his wife about his action on the side), etc.
You KNOW most systems have an easy password (or still have the default password).
Convicted, sentenced ... and caught doing it again - they hadn't changed the passwords a year later!!! Of course, once the story made the news, they HAD to change them (hint: if you remember the story and the police station, try "54321")
Woah, timely! (Score:4, Interesting)
(530) 204-6800 is a land line based in Davis, CA
The registered service provider is 01 Communications**.
Detailed listing information is not available.
Re:Got that yesterday... (Score:1, Interesting)
Re:"Latest" attack? (Score:2, Interesting)
Re:Tracability? (Score:3, Interesting)
You're confusing number with proportion. How many people EVER go to jail for phishing? Try reporting it to your local cop shop - you'll get the "we don't handle that here" bit. Then you're told to post your complaint to such-and-such a web site ... and nothing happens, because they're after the easy-to-bust ones - they guys running boiler-rooms going "You've just won a vacation, just send us the money for the taxes and duties."
They HAVE the tools to deal with that, so that's what they do. They DON'T have the tools to deal with phishers.
Catch 22? (Score:2, Interesting)