Re: Physhing email using phone number

["Jenkins, Matthew" <matthew.jenkins () FAIRMONTSTATE EDU>]

We also received similar messages to our campus which were targeted
against a credit agency in our area.  The number was in our area code,
and when called had an automated system that took a credit card number,
expiration date, and I think zip code.  Then it told you that your
account was reactivated and it disconnected (we called it and put in a
bunch of single digits to go through the prompts).  It was a poor
quality system, but convincing enough for most non-technical users.

I thought I saw somewhere in the new Cisco ASA 8.0+ firmware that there
was better SIP and/or SCCP inspection.  I also thought I had seen
examples or maybe commentary of how you could use it to block specific
call attributes including called party.  However, now I can't find
anything on it, so I may be mistaken.  If you are running the 8.0
firmware it may be worth calling TAC and asking.

Matt

Matthew Jenkins
Network/Server Administrator
Fairmont State University
Visit us online at www.fairmontstate.edu


-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Di Fabio, Andrea
Sent: Friday, March 28, 2008 11:00 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Physhing email using phone number

We use hosted VoIP centrex so we do not have the luxury to block the
number
on the PBX. We are investigating how we can block this number using
regular
expression or other means as packets goes from the phone VLANS to our
PIX
and VOIP router to our VoIP provider.  I welcome suggestions.

Thanks.

Andrea Di Fabio
Information Security Officer
High Performance Computing Technology Coordinator
Norfolk State University
Office of Information Technology
Marie V. McDemmond Center for Applied Research, Rm 401F
555 Park Avenue, Suite 401
Norfolk, Virginia 23504
757-823-2896 Office
757-823-2128 Fax