Wednesday, October 28, 2009

Internet phone systems become the fraudster's tool

Cybercriminals recently hacked into multiple telephone systems across the US and are using them to contact bank customers and get them to give up their bank account information. They are attacking smaller regional institutions that have lighter security for detecting scams. The cybercriminals used the telephone systems to call customers with an automated message. The message states that there is a problem with their billing information and that the customer needs to type in their username, password, credit card number, PIN or other sensitive information to fix the problem.

This process of breaking into phone company systems is 20 years old and was known as phreaking, but now that phone systems are integrated with the internet, scammers have more opportunities to hack. The technology is known as VoIP (voice over internet protocol), a term used to describe a family of transmission technologies for delivery of voice communications over IP networks such as the internet.

The hackers got into these VoIP systems by simply guessing the system's password thousands of times. Unlike Gmail, which will block a user who makes too many guesses, VoIP systems are not set up this way. If the VoIP system has a weak password, it doesn't take long for a computer to figure it out. Once the hackers have access, they can launch their attack on bank customers. These hackers are hard to track because they use distant VoIP systems that are unrelated to themselves.

Scams like these have been a recurring theme this year. It is easy to see how these attacks could be prevented. At the level of the VoIP systems, stronger passwords, smarter configurations to prevent password-guessing attacks, and increased security could easily prevent hacking by cybercriminals. On the side of the victim I have one word: common sense. Who would give their personal information to an automated message? Never give your personal information out, and if you are worried that there is a problem with your billing information, call your bank.
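The "block after too many guesses" behaviour that the post says these VoIP systems lack can be shown in a few lines of Python. This is an added example, not code from the original post or from any VoIP product; the names `GuessLimiter` and `replay`, the thresholds, and the sample login events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

class GuessLimiter:
    """Temporarily block a source after too many failed logins in a window."""

    def __init__(self, max_failures=5, window_s=60, ban_s=900):
        self.max_failures = max_failures
        self.window_s = window_s
        self.ban_s = ban_s
        self._failures = defaultdict(deque)   # source -> failure timestamps
        self._banned_until = {}               # source -> ban expiry time

    def is_blocked(self, source, now):
        return self._banned_until.get(source, 0) > now

    def record(self, source, ok, now):
        """Return 'blocked', 'ok' or 'failed' for one login attempt."""
        if self.is_blocked(source, now):
            return "blocked"          # refused before the password is checked
        if ok:
            self._failures.pop(source, None)
            return "ok"
        recent = self._failures[source]
        recent.append(now)
        while recent and recent[0] <= now - self.window_s:
            recent.popleft()          # forget failures older than the window
        if len(recent) >= self.max_failures:
            self._banned_until[source] = now + self.ban_s
            recent.clear()
        return "failed"

def replay(events, limiter):
    """Replay (time, source, password_ok) tuples; count outcomes per source."""
    outcome = defaultdict(lambda: {"ok": 0, "failed": 0, "blocked": 0})
    for now, source, ok in events:
        outcome[source][limiter.record(source, ok, now)] += 1
    return {src: dict(counts) for src, counts in outcome.items()}

# Constructed sample: one source guessing once per second (its 40th guess
# would have been correct), and a user who mistypes twice and then logs in.
GUESSER, USER = "203.0.113.7", "198.51.100.20"   # documentation-range addresses
EVENTS = [(t, GUESSER, t == 39) for t in range(100)]
EVENTS += [(10, USER, False), (25, USER, False), (40, USER, True)]
EVENTS.sort(key=lambda e: e[0])

if __name__ == "__main__":
    print(replay(EVENTS, GuessLimiter()))
```

The limiter here is keyed on the source address only; a per-account failure counter is the usual companion control when guesses arrive from many addresses.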

3 comments:

  1. I feel like the type of attack made in this article is really the exact same thing as phishing. The only difference, obviously, is that it is made over telephone lines and not over the internet. It seems like, as the author said, we really just need people to use a little bit of common sense. The most important thing is for people to take every precaution possible, especially when giving out extremely important personal information. Like said in the article, the easiest way to do this would be by calling your bank.

  2. Although we would all like to think that everyone has common sense, common sense just is not common. Those same victims that could get caught in a phishing scam are those same people subject to phreaking scams. These are unfortunate circumstances because one would normally assume that if a bank desired your information, there would be other ways of acquiring that information. However, the question is not to attack the victim and force them to become more aware of these types of criminals. Rather, it should be fixing the computer systems so that they would not have easy access to consumers' names and telephone numbers. There should be some type of system implemented to prevent this from happening. Because I know the likelihood of creating a perfect system is almost nonexistent, I agree that people should just take extra precautions to not reveal their personal information over the telephone.

  3. I simply do not understand who would type in their account information along with their social security number over a telephone line. These are two of the most important numbers an individual has, and individuals must keep these numbers confidential. Individuals should know that banks would not expect them to provide such information over the phone. Unfortunately, as mentioned already, some individuals do not have common sense. I wonder how this problem can be solved. How can individuals be educated on topics such as this? Even if they are educated, does that guarantee individuals will know what to do when a similar situation occurs to them?
