It seems a pretty new term, this ‘Voice phishing’. Perhaps it may even seem as a technical term for some type of spy service or changing voice mechanism. But let me tell you this is in fact turning out to a headache all around the world and a newly found way for FRAUDS.’ (REf: Wikipedia, BBC)
Mehul Patel was pleasantly surprised to receive a SMS recently from TM-Winners, announcing him as the winner of a GBP 250,000 (around Rs 20,000,000) prize from the 2009 (Shell) International Mobile Draw.
The message prompted him to mail to Mr Mike (firstname.lastname@example.org) his claim. However, when his excitement died, she tried hard to recall if she ever used any Shell product or service, as the SMS stated. He searched the net for the International Mobile Draw and to his surprise found millions of people like him who had received such SMS. So why was this SMS sent, especially, when a Shell official confirmed that it had not issued any such award?
Welcome to the world of Vishing or voice phishing, wherein hackers are using a combination of Voice over Internet Protocol (VoIP), SMSs and the internet to fool and redirect users into dialing a phone number and collect critical information for financial gain.
Vishing is the criminal practice of using social engineering over the telephone system, most often using features facilitated by VoIP, to gain access to private personal and financial information from the public for the purpose of financial reward. The term is a combination of “voice” and phishing. Vishing exploits the public trust in landline telephone services, which have traditionally terminated in physical locations which are known to the telephone company, and associated with a bill-payer.
The victim is often unaware that VoIP makes formerly difficult-to-abuse tools/features of caller ID spoofing, complex automated systems (IVR), low cost, and anonymity for the bill-payer widely available. Vishing is typically used to steal credit card numbers or other information used in identity theft schemes from individuals. Vishing is very hard for legal authorities to monitor or trace.
To protect themselves, consumers are advised to be highly suspicious when receiving messages directing them to call and provide credit card or bank numbers. Rather than provide any information, the consumer is advised to contact their bank or credit card company directly to verify the validity of the message.
Globally, the first Vishing attack was registered in 2006, but there have been reports that these are increasing. Though Vishing is still at a nascent stage, very few operators are providing any security solutions that can control spam on mobile handsets.
So next time you get such SMS then beware and share it with your friends and family as a joke!
PS: I too get a lot of mails in my email box, regarding lotteries and prizes. DO NOT TRUST THEM. or as they say in comics : “You shall spell out your doom“