Vishing Attacks Net Crooks $7,000,000 in the UK

There has been quite a bit of press about a voice phishing/vishing scheme in the UK that has netted the crooks some $7,000,000 pounds. Whether this is one attack or several isn't clear, but it should be no surprise that attackers to use robocalls and then "vish" information out of individuals, is a very effective attack.

The attacker uses robocalls to call and leave messages on landlines, smart phones, and enterprise desk sets. The attacker simply picks numbers and leaves a message from a well-known financial enterprise, such as a top 5 bank. Odds are that if they call 10,000 numbers, a good percentage of the targets will just happen to work with that bank. While people have grown distrustful of phishing email, they tend to trust voice calls a little ore.

Individuals call back, usually to a 1-800 number, with an IVR that requests some sort of personal information, such as a credit card and PIN. Once the attacker has that information, they are good to go.

Here are a couple of links. You can find quite a few more.

http://www.ifaonline.co.uk/ifaonline/news/2291278/quarter-of-brits-at-risk-of-vishing-fraud-research

http://www.thisismoney.co.uk/money/news/article-2402936/One-risk-new-vishing-phone-trick-cons-victims-handing-bank-details.html?ito=feeds-newsxml