Vishing Attacks Net Crooks $7,000,000 in the UK

There has been quite a bit of press about a voice phishing/vishing scheme in the UK that has netted the crooks some $7,000,000 pounds. Whether this is one attack or several isn't clear, but it should be no surprise that attackers to use robocalls and then "vish" information out of individuals, is a very effective attack.

The attacker uses robocalls to call and leave messages on landlines, smart phones, and enterprise desk sets. The attacker simply picks numbers and leaves a message from a well-known financial enterprise, such as a top 5 bank. Odds are that if they call 10,000 numbers, a good percentage of the targets will just happen to work with that bank. While people have grown distrustful of phishing email, they tend to trust voice calls a little ore.

Individuals call back, usually to a 1-800 number, with an IVR that requests some sort of personal information, such as a credit card and PIN. Once the attacker has that information, they are good to go.

Here are a couple of links. You can find quite a few more.