Hello, you've reached _______ Bank:
- If you would like to check your balance, press 1.
- To be connected to an operator, press 2.
- To compromise your banking account, enter your 16 digit card number followed by the expiration date.
No, I didn't make up the name for this new type of phone phishing recently labeled Vishing. Yes, Vishing is probably not the best name but it was the first offered, so it will probably stick.
As mentioned in previous posts, this new type of phishing using phone/voicemail is becoming more common. The most recent incident involves Santa Barbara Bank & Trust.
The MO is the same, spam people with fraudlent email asking them to call their bank and confirm their account details, the customer calls what they believe is their bank and ends up disclosing their account details to the automated phone system (and thereby the phishers). Websense grabbed the voicemail recording so you can hear the message and understand how it actually works.
The Phishing Incident Reporting and Termination (PIRT) Squad is updating the status of this phish.
How can you protect yourself? Use caution and refer to the company's website to confirm their officially listed phone number to avoid falling victim in cases like this.
