Emerging Threat: Please forward your phone number to our Skype number!
Saturday, April 28th, 2007
Phishing scams for banks aren’t really new, but one received last night came with a new twist. The spam e-mail stated:
Bank of America Warning
Dear Bank of America Customer,
During our regular update and verification we could not verify your current
phone number.
Either your information has been changed or it is incomplete.
Please update your phone number by
CLICKING HERE [http://www.xxxxxxx.de/gallery/albums/userpics/boa/] or on the link: http://www.xxxxxxx.de/gallery/albums/userpics/boa/ [http://www.bankofamerica.com/updatephone]
If this is not completed by April 24 , 2007, we will be forced to suspend
your account indefinitely.
The root domain was a hacked, legitimate site running one of the commonly used photo gallery scripts.
The scam page started out with an eye-catching demand that the victim forward their phone number to the phisher’s number as part of the ‘verification’ process:
There were two versions of the scam page. The first had specific, numbered instructions:
To confirm you phone number please fallow the steps :
Step 1- Go to your phone and Dial *72
Step 2- Dial 707xxxxxxx (Bank of America Secure Line )
Step 3- Your phone is confirmed
You will receive a call from us in 1 h for final verification !
What followed for both was the ‘standard’ identity theft form:
According to one carrier, Qwest, a call to a forwarded number rings at the source location first. If it is unanswered after a certain number of rings, it transfers through to the forwarded number.
It’s unknown what the protocol is for all carriers. The obvious concern is the case where there is no ‘source’ location ring and the forwarding occurs immediately, which in many tests has proven to be standard.
Depending on how long it takes the victim to realize they’re not getting inbound calls and resolve the problem, the bank is effectively blocked from conducting fraud checks for suspicious account activity and/or attempting to advise their customer of the identity theft and the need to cancel their cards. Also, from a “cashing out” perspective, if any phone verification is required to use the credit card on the account, the verification will succeed, because calls to the forwarded number will be routed to the phishers.
The site has been disabled and the phone number appears to be a SkypeIN number that goes to voicemail.
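A mail or web content filter can flag this lure by looking for a call-forwarding activation code followed closely by a destination number. The sketch below is an added example, not part of the original post; the function name, the 200-character window, the constructed samples and the GSM-style `**21*` prefix (a generalization beyond the `*72` quoted above) are assumptions.

```python
import re

# Call-forwarding activation prefixes. *72 is the code quoted on the scam page;
# the GSM-style **21* prefix is an addition here, not something the page mentions.
FORWARD_CODE = re.compile(r"(?<![\d*])(\*72|\*\*21\*)")

# A 10-digit North American number with optional leading 1 and separators.
# 'x' is accepted after the area code so redacted samples still match.
PHONE = re.compile(
    r"(?<!\d)(?:1[\s.-]?)?\(?\d{3}\)?[\s.-]?[\dxX]{3}[\s.-]?[\dxX]{4}(?!\d)"
)


def find_forwarding_lures(text, window=200):
    """Return (code, destination) pairs: a forwarding code followed, within
    `window` characters, by the number the reader is told to forward to."""
    hits = []
    for code in FORWARD_CODE.finditer(text):
        tail = text[code.end():code.end() + window]
        number = PHONE.search(tail)
        if number:
            destination = re.sub(r"[^\dxX]", "", number.group())
            hits.append((code.group(1), destination))
    return hits


# The steps as quoted in the post (number redacted there).
SCAM_PAGE = """Step 1- Go to your phone and Dial *72
Step 2- Dial 707xxxxxxx (Bank of America Secure Line )
Step 3- Your phone is confirmed"""

# Constructed samples; 555-01xx numbers are reserved for fictional use.
CONSTRUCTED_LURE = "To verify, dial *72 1-707-555-0100 from your home phone."
CONSTRUCTED_BENIGN = (
    "Your code is 727272. Questions? Call 800-555-0199. "
    "To cancel forwarding, dial *73."
)

if __name__ == "__main__":
    for name, body in [("scam page", SCAM_PAGE),
                       ("constructed lure", CONSTRUCTED_LURE),
                       ("constructed benign", CONSTRUCTED_BENIGN)]:
        print(name, "->", find_forwarding_lures(body))
```

A hit is a signal to weigh together with sender and hosting context, since a carrier's own help pages contain the same codes.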