Slashdot Mirror


Internet Phones & Identity Theft

flaws writes "A CNN story details how phishers are using Internet Phones to expand their identity theft endeavors. The article demonstrates the use of caller-id spoofing to companies such as Western Union to thwart their verification system and successfully launder money. Western Union commented on the situation, stating at this time it's the only way they know how to authenticate the call. The anti-phishing working group states that telecommunications abuse is being used to fool home users into revealing their bank information over the phone."

4 of 98 comments (clear)

  1. Does this affect ANI? by bigtallmofo · · Score: 4, Interesting

    I have a block for caller ID on my home phone. I know that when I call a 1-800 number though, they still are easily able to discern what my true phone number is. My understanding is that this is by using Automatic Number Identification - ANI. Does Western Union not use this or do VoIP phones allow you to fake this as well as standard caller ID? If the latter, then I think we have bigger problems than Western Union. Most 911 systems use ANI also. Imagine if knuckleheads could make anonymous calls to 911.

    --
    I'm a big tall mofo.
  2. The only way they know? by arodland · · Score: 4, Interesting

    Has Western Union never heard of calling the number back?

  3. Sharing Secrets by wheelbarrow · · Score: 4, Interesting

    This is really a matter for public education rather than the heavy hand of the law to solve.

    I'd like to start a consumer movement where each consumer can generate a set of private and public encryption keys. The consumer can publish the public key and it will be used by credit card issuers to issue new credit card numbers to the consumer. Then, only the consumer can decrypt and use those numbers. If consumers use this as the only means of transferring critical personal information then the phishers will be defeated.

  4. This is nothing. Phisher's are getting really bold by gru3hunt3r · · Score: 5, Interesting

    I work for an an e-commerce software company that processes several million dollars in sales a month.

    In the past few weeks we've had scam artists targeting our customers offering to do free SEO analysis only to get in and download their customer base.

    They claim to be partners of ours, and they tell the business they need admin access to do the study and they'll give them a free report.

    Of course they get in, as admin, then they download the order history and customer list and start calling the customers saying "we had a problem with your order can you please verify your credit card number ending in [last 4 digits]" and most honest people happily oblige by repeating the valid credit card number over the phone. Then they ask for the CVV/CID # Yeoch!
    Fortunately a lot of our sales go through Paypal which isn't subject to that sort of phraud.

    I figure a single break in could easily net them 50,000 valid credit cards. Very scary.

    I suspect the calls originate from hacked out IP Phones.

    Here's how we fixed the problem so that our customers they could verify the identity of our staff and our legitimate partners:

    http://webdoc.zoovy.com/info/index.php?GOTO=guide/ authkey.php