Hello, This Is You're Bank, Please Entering Your PIN
from the phoIP dept
The reason that phishing is such a tough problem to solve is that it’s not an attack based on technology, but on social engineering. Therefore, there are few solutions, other than telling people to make sure they’re actually on the website they think they’re on when they enter sensitive information. The problem may get even worse as phishers migrate over to VoIP in their attacks. One company claims to have discovered a scam whereby attackers sent people voice messages that claimed to be from a bank. Recipients were then instructed to dial a number, whereupon they were prompted to enter important information, such as their PIN. Impersonating a bank isn’t sophisticated at all, but VoIP allows this kind of attack to scale really well, as has been the case with junk faxes. What’s more, the few anti-phishing techniques that companies have developed (like toolbar warnings and personalized bank pages that phishers can’t copy) are useless over the phone. Once again, it looks like banks and other institutions will have to launch campaigns reminding people not to enter their PINs unless they are talking over a known bank phone number. Inevitably, many will ignore the warnings.