Re: [Full-disclosure] Re: [funsec] Vishing (voice/phone phishing) - public incident



examples I saw were an automated system that accepted your credit card
number along with PIN.

asterisk maybe?


--
Harry Hoffman
Integrated Portable Solutions, LLC
877.846.5927 ext 1000
http://www.ip-solutions.net/


Dude VanWinkle wrote:
On 6/23/06, Gadi Evron <ge@xxxxxxxxxxxx> wrote:
Last year some of us made jokes about Vishing on funsec, today it's a
reality. Here is the incident going public:
http://www.websense.com/securitylabs/alerts/alert.php?AlertID=534

Special thanks to the good guys at Websense and the PIRT guys at
CastleCOPS PIRT.

I guess jokes about Vishing with a heavy Russian accent were good, too
bad
this wave file doesn't have that accent. :)

The attacked party is Santa Barbara Bank & Trust. I suppose the IRS will
also take interest in this.


Dang, I was thinking the msg would be "Please call our support hotline
at 1-900...."

Is someone really sitting at the phone waiting for customers to call
up, or is it an automated greeting that walks you through a "password
reset"?

-JP

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



Relevant Pages