Slashdot Mirror

← Back to Stories (view on slashdot.org)

Internet Phones & Identity Theft

Posted by ryuzaki0 on from the only-a-matter-of-time dept.

flaws writes "A CNN story details how phishers are using Internet Phones to expand their identity theft endeavors. The article demonstrates the use of caller-id spoofing to companies such as Western Union to thwart their verification system and successfully launder money. Western Union commented on the situation, stating at this time it's the only way they know how to authenticate the call. The anti-phishing working group states that telecommunications abuse is being used to fool home users into revealing their bank information over the phone."

3 of 98 comments (clear)

  1. easily solved by jacquesm · · Score: 4, Insightful
    Simply require a phone number to call back to...


    Or a faxed signature, either one will do. If it works for pizza delivery it should work for money transfers.


    Oh, and you could also block VOIP services from western union and what not until they will vouch for the identity of their users.


    Anonimity on the 'real' phone network is much easier to get than on a VOIP phone, the 'IP' bit will take care of that quite nicely, as long as you can map back between a phone number at any given moment and an IP number.


    It's a bit like a DHCP lease by a provider or a WIFI access point, if you know the timestamp and the ID used you should be able to work backwards to get more info out of the system.

    --
    MP3 Search Engine
  2. Umm by mindstrm · · Score: 5, Insightful

    If western union is using caller ID to authenticate financial matters, western union is being stupid. IT's always been possible to fake caller ID.

    Let's not blame voip.

  3. The real problem... by slavemowgli · · Score: 4, Insightful

    I think it's worth pointing out that the *real* problem (as usual) is not just technical issues, but also the end users. As long as people are naive enough to let themselves get talked into revealing personal details, passwords, credit card numbers, PINs (or whatever) over *any* medium (no matter whether it's email, over the phone, in person or anything else), phishing (and, more generally, fraud) *will* continue to be a problem.

    Technical measures may seem like they're helping on a short-term scale, but ultimately, they're just masking the real problem, which can only be solved by educating people and making it clear to them that security is something that does affect them directly.

    --
    quidquid latine dictum sit altum videtur.