Chapter 15: Voice Phishing | Hacking Exposed VoIP: Voice Over IP Security Secrets & Solutions

Dear Customer,

We've noticed that you experienced trouble logging into Santa Barbara Bank & Trust Online Banking.

After three unsuccessful attempts to access your account, your Santa Barbara Bank & Trust Online Profile has been locked. This has been done to secure your accounts and to protect your private information. Santa Barbara Bank & Trust is committed to make sure that your online transactions are secure.

Call this phone number (1-805-214-4801) to verify your account and your identity.

Sincerely,
Santa Barbara Bank & Trust Inc.
Online Customer Service
Websense Security Labs Phishing Alert, June 23, 2006

Overview

Phishing is a type of identity theft attack that has traditionally targeted email users and involves an attacker creating a spoofed website that appears to represent a legitimate financial site (PayPal, eBay, ABC Bank, and so on). Victims are usually lured into visiting the spoofed site and giving up vital information such as passwords, mother's maiden name , credit card numbers, and Social Security numbers .

Phishing attacks really took off in 2004 and have yet to slow down in their growth as a prevalent form of cyber attack. In January of 2004, there were 174 phishing websites identified by the Anti-Phishing Working Group (http://www.antiphishing.org/), and by December of the same year, there were over 1,700. More recently the numbers have skyrocketed; in May 2006 alone there were 20,109 unique phishing sites reported .

In the same way that phishing attacks have skyrocketed in the last few years , so too can we expect the same perpetrators to focus their attention on the VoIP realm eventually.