Just when you thought that the hackers had thought of everything.... A new IT theft method that is being directed at the nation’s banks is called Social War Dialing, also known as “vishing.” Like its cousin phishing, this con attempts to talk unsuspecting victims out of their account numbers, passwords, etc. However, instead of using email or the computer, which many of us have been trained to not trust, they use the good ole telephone. The way that this attack works is that an entire phone exchange, usually for a small town with only one or two banks, is dialed by automation. Those picking up the phone hear a prerecorded message from their friendly local community bank that their account has been compromised. They need to change their PIN code immediately to avoid any unauthorized charges. They are directed via a menu to enter their account number, their old PIN, and a new PIN. Of course, this isn’t the bank calling but rather a sophisticated overseas ID theft gang using VOIP technology. Caller ID shows the name of the bank, giving further credibility to the attacker. Once they have the card number and PIN, they can quickly generate a fake ATM or debit card and start either withdrawing cash or making purchases.
Small-town bank customers have been taken for tens of thousands of dollars in a couple of hours using this method. Older and non-technical customers are particularly vulnerable to this scam.With cheap or free VOIP calls, and automated voice software, thousands of numbers can be dialed in a short period for little or no cost. Templates can be easily changed for different town or bank names. This attack has already evolved into using text messages on cell phones. It has also moved on to other financial industry companies such as credit cards, merchant charge cards, etc. So if you get a call purporting to be from your bank, credit card company, or any other financial institution asking you to put in personal information, hang up and call their main number, which is usually written on your card, to verify the request. Don’t take caller ID’s word for it as this is easy to forge. The ID thieves out there continue to grow more sophisticated and wily in their efforts to get your financial information. What will they think of next?
