Slashdot Mirror


Internet Phones & Identity Theft

flaws writes "A CNN story details how phishers are using Internet Phones to expand their identity theft endeavors. The article demonstrates the use of caller-ID spoofing to companies such as Western Union to thwart their verification system and successfully launder money. Western Union commented on the situation, stating at this time it's the only way they know how to authenticate the call. The Anti-Phishing Working Group states that telecommunications abuse is being used to fool home users into revealing their bank information over the phone."

  1. Just another example by PhreakinPenguin · · Score: 3, Insightful

    Just another example of the thieves being ahead of the companies. Regardless of what form of verification a company comes up with, it's going to be broken or cracked by a criminal. As long as it relies on any human input, this will continue.

    --
    My sig of choice is Marlboro
  2. A fool and his money... by md8mart · · Score: 2, Insightful

    The anti-phishing working group states that telecommunications abuse is being used to fool home users into revealing their bank information over the phone.

    .. are soon parted.

    1. Re:A fool and his money... by GPLDAN · · Score: 1, Insightful

      That's a fucking typical Slashdot thing to say. Imagine if it were a retired person on a fixed income. Somebody who is easily targeted. I'm sure your sorry punk ass would be the first to go up to them and say "0wn3d".

      How you got modded up, I'll never understand.

  3. easily solved by jacquesm · · Score: 4, Insightful

    Simply require a phone number to call back to...

    Or a faxed signature, either one will do. If it works for pizza delivery it should work for money transfers.

    Oh, and you could also block VOIP services from Western Union and what not until they will vouch for the identity of their users.

    Anonymity on the 'real' phone network is much easier to get than on a VOIP phone, the 'IP' bit will take care of that quite nicely, as long as you can map back between a phone number at any given moment and an IP number.

    It's a bit like a DHCP lease by a provider or a WIFI access point, if you know the timestamp and the ID used you should be able to work backwards to get more info out of the system.
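
The lookup comment 3 describes (working back from a phone number and a timestamp to an IP address, as with a DHCP lease log), shown as an added example that is not part of the original thread. The log rows, phone numbers and addresses are constructed, and `build_index` and `ip_at` are hypothetical names.

```python
from bisect import bisect_right
from datetime import datetime, timezone

# Constructed sample assignment log, not real data:
# (phone number, IP address, lease start, lease end or None if still active)
ASSIGNMENTS = [
    ("+15550100", "198.51.100.7", "2005-04-01T08:00:00Z", "2005-04-01T12:00:00Z"),
    ("+15550100", "203.0.113.42", "2005-04-01T12:30:00Z", None),
    ("+15550101", "198.51.100.7", "2005-04-01T12:05:00Z", "2005-04-01T18:00:00Z"),
]


def _ts(text):
    """Parse a UTC timestamp; all records must share one clock and zone."""
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def build_index(rows):
    """Group leases per phone number, sorted by lease start."""
    index = {}
    for number, ip, start, end in rows:
        lease = (_ts(start), _ts(end) if end else None, ip)
        index.setdefault(number, []).append(lease)
    for leases in index.values():
        leases.sort(key=lambda lease: lease[0])
    return index


def ip_at(index, number, when):
    """Return the IP that held `number` at `when`, or None if no lease covers it."""
    moment = _ts(when)
    leases = index.get(number, [])
    starts = [lease[0] for lease in leases]
    i = bisect_right(starts, moment) - 1  # last lease starting at or before `when`
    if i < 0:
        return None  # call predates every lease we have on record
    _, end, ip = leases[i]
    if end is not None and moment >= end:
        return None  # gap between leases: the log cannot attribute the call
    return ip


if __name__ == "__main__":
    idx = build_index(ASSIGNMENTS)
    for t in ("2005-04-01T09:00:00Z", "2005-04-01T12:15:00Z", "2005-04-01T13:00:00Z"):
        print(t, ip_at(idx, "+15550100", t))
```

The same address appears under two numbers at different times, which is why the timestamp matters as much as the identifier when working backwards.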

  4. Can't they... by NoMoreNicksLeft · · Score: 1, Insightful

    Get a goddamned 800 number, and use less-spoofable ANI identification? I mean, really.

  5. Umm by mindstrm · · Score: 5, Insightful

    If Western Union is using caller ID to authenticate financial matters, Western Union is being stupid. It's always been possible to fake caller ID.

    Let's not blame VoIP.

  6. The real problem... by slavemowgli · · Score: 4, Insightful

    I think it's worth pointing out that the *real* problem (as usual) is not just technical issues, but also the end users. As long as people are naive enough to let themselves get talked into revealing personal details, passwords, credit card numbers, PINs (or whatever) over *any* medium (no matter whether it's email, over the phone, in person or anything else), phishing (and, more generally, fraud) *will* continue to be a problem.

    Technical measures may seem like they're helping on a short-term scale, but ultimately, they're just masking the real problem, which can only be solved by educating people and making it clear to them that security is something that does affect them directly.

    --
    quidquid latine dictum sit altum videtur.
  7. Re:Poorly designed/implemented standards by LiquidCoooled · · Score: 2, Insightful

    The red team you speak of are commonly the end-users.

    Depending upon standards is tricky.
    Especially where the "standard" is created before its niche use has been identified. You could spend hundreds of man hours in a focus group hammering out a standard, and then have the users do something completely different, which just makes a mockery of your standards.

    Recently, we have all been pushing for IE to become "standards compliant", but my understanding of a "standard" is one that everybody uses, in this case, the IE renderer is the standard - hence so many websites look like shit in FF.

    --
    liqbase :: faster than paper
  8. Solution by t_allardyce · · Score: 3, Insightful

    This is what gets me about the entire telemarketing industry -

    If you get a phone call and someone tries to sell you something, you have absolutely no idea who they really are, what company they really represent and even if they are in the same country as you, why on earth would anyone give them credit card details to make a purchase?!?

    I'm surprised this hasn't been going on for decades:
    1) Call random people
    2) Offer them an amazing deal
    3) Take credit card and address details
    4) Fucking profit big-time

    Add to that, find a country that has no extradition treaties with yours and only call people in that country, the long-distance charge will be worth it from all the money you rake in from total fucking idiots who are prepared to give you their credit card without any credentials.

    The fact that there actually is a telemarketing industry proves that some people must be stupid enough. From now on I propose a special 'code word' which will be known among telemarketers and non-stupid people; the conversation will go something like this:

    A: Good morning sir, I'm wondering if you would be interested in this special offer we..
    B: Banana!
    A: Oh terribly sorry to bother you sir, I'll take you off all telemarketing lists immediately, thank you.

    This code word has basically told the marketer that you are not a total retard and are not worth calling in the future so that they may remove you from their list and actually save themselves time and money! All the actual idiots who would fall for this crap can then have more telemarketers calling them and everyone is happy..

    --
    This comment does not represent the views or opinions of the user.