April 27, 2007

The information security company SecureWorks reports it has spotted a new phishing technique that uses call forwarding to route a victim's incoming phone calls to a number controlled by the attacker.
Victims receive an email asking them to confirm their phone number with their bank by dialing *72 followed by a series of numbers. In the United States, the sequence will cause most phones to forward all incoming calls. Once completed, the victim hears a message saying the confirmation has been successful.
After the victim confirms their phone number, they are asked to update their personal info, social security number, bank account number, credit card number, etc.
If the customer co-operates, the phisher has all of the banking and personal information needed to begin making fraudulent transactions on the victim's account. If the customer's bank or credit union calls them to query an odd transaction during the period that their calls are being forwarded, the phisher will receive the calls and confirm that the fraudulent transaction is legitimate.
To protect against this phishing scam and others, never provide your financial or personal information to an unknown source via email or the phone. If you are unsure of the source, contact your credit union directly.
Report any phishing attempts to Phonebusters.com, 1-888-495-8501, info@phonebusters.com