Last Updated: 2008-10-21 00:02:49 UTC
by Johannes Ullrich (Version: 1)
Thanks to our reader Glenn for alerting us to this scheme: He received an automated phone call telling him that his ATM card had been deactivated. The system then offered to re-activate it. He didn't fall for it and instead called his bank. His bank told him that they had received multiple reports like this, and that the calls are fraudulent.
- First of all, the bank should identify itself by telling you something only they would know. Your account number, maybe?
- Better: call them back at a number you look up yourself. Do not ask the caller what number to call. The fraudsters usually use an automated system to call you rather than a live person (but they may use one).
- Never provide confidential information such as account numbers, social security numbers, PINs, or passwords over the phone.
This event reminds me of one result our web-application honeypot project has yielded so far: Attackers are actively looking for open web-based VoIP admin interfaces such as asterisk/trixbox/freepbx. Don't forget to secure them with passwords AND limit admin access to machines in your own IP address space. It is likely that compromised VoIP systems are used to launch these calls.
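As an added example (not code from this diary or from any of the PBX projects named above), the following Python script applies the "limit admin access to your own address space" advice from the detection side: it reads Apache-style combined access log lines from a FreePBX-like host and flags every request for an admin-interface path that did not come from the address space reserved for administration. The allowed network 192.0.2.0/24, the sample log lines, and the path prefixes other than FreePBX's own /admin/ are constructed assumptions for illustration.

```python
import ipaddress
import re
from collections import Counter

# Path prefixes of web-based PBX admin interfaces to watch. "/admin/" is the
# FreePBX admin UI; the other two are assumed entries for illustration only.
ADMIN_PATHS = ("/admin/", "/maint/", "/recordings/")

# Networks from which admin access is expected (constructed, RFC 5737 range).
ALLOWED_ADMIN_NETS = [ipaddress.ip_network("192.0.2.0/24")]

# Apache "combined" log format: client IP, ident, user, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)


def parse_line(line):
    """Return a dict for a well-formed log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    try:
        entry["addr"] = ipaddress.ip_address(entry["ip"])
    except ValueError:
        return None
    return entry


def is_admin_path(path):
    # Compare only the path component, so "/admin/?display=modules" still matches.
    return path.split("?", 1)[0].startswith(ADMIN_PATHS)


def is_allowed_admin_source(addr):
    return any(addr in net for net in ALLOWED_ADMIN_NETS)


def find_admin_probes(lines):
    """Return (ip, path, status) for every admin-interface request from outside
    the allowed address space, whether or not the server answered it with 200."""
    probes = []
    for line in lines:
        entry = parse_line(line)
        if entry is None or not is_admin_path(entry["path"]):
            continue
        if is_allowed_admin_source(entry["addr"]):
            continue
        probes.append((entry["ip"], entry["path"], int(entry["status"])))
    return probes


def probes_by_source(probes):
    """Count probes per source address; a source with many hits is scanning or guessing."""
    return Counter(ip for ip, _, _ in probes)


# Constructed sample log lines; all addresses are RFC 5737 documentation ranges.
SAMPLE_LOG = """\
192.0.2.10 - - [21/Oct/2008:00:01:12 +0000] "GET /admin/config.php HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
198.51.100.7 - - [21/Oct/2008:00:02:33 +0000] "GET /admin/ HTTP/1.1" 401 412 "-" "curl/7.18"
203.0.113.5 - - [21/Oct/2008:00:02:40 +0000] "GET /maint/ HTTP/1.0" 200 2001 "-" "-"
203.0.113.5 - - [21/Oct/2008:00:03:01 +0000] "GET /index.php HTTP/1.0" 200 800 "-" "-"
203.0.113.5 - - [21/Oct/2008:00:03:05 +0000] "GET /admin/?display=modules HTTP/1.0" 200 3000 "-" "-"
this line is not a log entry
"""

if __name__ == "__main__":
    found = find_admin_probes(SAMPLE_LOG.splitlines())
    for ip, path, status in found:
        print(f"{ip} requested {path} -> HTTP {status}")
    print(probes_by_source(found))
```

A 401 from an outside address shows that the password is doing its job; a 200 on an admin path from outside your own address space is the "open interface" condition the honeypot data warns about and is the line to act on first. Pipe the real access log into find_admin_probes(), and adjust ALLOWED_ADMIN_NETS to the ranges your administrators actually use.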
Johannes B. Ullrich, Ph.D.
SANS Technology Institute