Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Re: [funsec] Vishing (voice/phone phishing) - public incident

From: Harry Hoffman <hhoffman () ip-solutions net>
Date: Fri, 23 Jun 2006 17:22:27 -0400
examples I saw were an automated system that accepted your credit card
number along with PIN.

asterisk maybe?


-- 
Harry Hoffman
Integrated Portable Solutions, LLC
877.846.5927 ext 1000
http://www.ip-solutions.net/


Dude VanWinkle wrote:

On 6/23/06, Gadi Evron <ge () linuxbox org> wrote:

Last year some of us made jokes about Vishing on funsec, today it's a
reality. Here is the incident going public:
http://www.websense.com/securitylabs/alerts/alert.php?AlertID=534

Special thanks to the good guys at Websense and the PIRT guys at
CastleCOPS PIRT.

I guess jokes about Vishing with a heavy Russian accent were good, too
bad
this wave file doesn't have that accent. :)

The attacked party is Santa Barbara Bank & Trust. I suppose the IRS will
also take interest in this.



Dang, I was thinking the msg would be "Please call our support hotline
at 1-900...."

Is someone really sitting at the phone waiting for customers to call
up, or is it an automated greeting that walks you through a "password
reset"?

-JP

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: