Voice Phishing Hits PayPal

← Back to Stories (view on slashdot.org)

Posted by ryuzaki0 on Saturday July 8, 2006 @04:26AM from the eight-six-seven-five-three-zero-nine dept.

Chai Vanilla writes "The latest social engineering phishing attack is now using phones instead of fake web sites. Identity thieves have spammed fake PayPal account compromise warnings to lure users into dialing a phone number and giving up credit card information. Unlike normal phishing e-mails, there is no URL or response address. Instead, the e-mail urges the recipient to call a phone number and verify account details."

4 of 191 comments (clear)

Min score:

Reason:

Sort:

Not in the VoIP era by Andy+Dodd · 2006-07-08 04:37 · Score: 3, Interesting

There are now plenty of companies (such as StanaPhone) that provide a free DID, all you need to do is register with them. Their business model is that they make money on outgoing calls, but most of them don't require payment until you actually decide to make such a call.

--
retrorocket.o not found, launch anyway?
Got that yesterday... by canavan · 2006-07-08 04:37 · Score: 4, Interesting

I've gotten that phishing mail yesterday, and called the number (1-805-214-4801) immediately. The system's recordings were chopped and barely intellegible, and I was prompted to enter "my 16 digit credit card number" (which was indeed verified to at least follow the basic rules of correctess or be rejected), and its expiry date, but nothing like a name or even the paypal account data.

Where can one complain about such fraudulent 1-8xx numbers to get them shut down? Additionally, how much does calling a 1-805 cost in the US, and is any part of the cost passed to the operator?
not surprising by v1 · 2006-07-08 04:40 · Score: 4, Interesting

There's a small degree of higher risk, but if you get a new disposable cell phone every three days and move around all day you'd be a hard mark to hit.

Too many people are now aware of the "don't click the link" aspect of phishing, but I'm sure there are still pleanty of suckers that assume if they have your phone number you must be legit. I would not be surprised if they find a way to do this through US Mail in a way that hides their identity.

It would be interesting if one day, to get such an online account set up, they make you pass a short test, where they give you ten examples of people asking for your account information in various ways, and you have to answer "give them the information" or "report the incident to phishing.ebay.com". Anyone that answers "give them the information" on any of the questions doesn't get an account.

I wager that alone would eliminate 80% of successful phishes.

--
I work for the Department of Redundancy Department.
Woah, timely! by Kid+Zero · 2006-07-08 05:59 · Score: 4, Interesting

Just got mine in the email this morning.

(530) 204-6800 is a land line based in Davis, CA
The registered service provider is 01 Communications**.
Detailed listing information is not available.