The Washington Post's Security Fix features an article on vishing scams reporting three recent vishing attacks and how these attacks were done. According to the article, a series of well-orchestrated wireless phone-based phishing attacks against several financial institutions took place last week illustrating how scam artists are growing more adept at fleecing consumers by exploiting security holes in seemingly unrelated Internet technologies.
"The scams in this case took the form of a type of phishing known as "vishing," wherein cell-phone users receive a text message warning that their bank account has been closed due to suspicious activity, and that they need to call a provided phone number to reactivate the account. Victims who called the number reached an automated voice mail box that prompted callers to key in their credit card number, expiration date
and PIN to verify their information (the voice mail systems involved in these sorts of scams usually are run off of free or low-cost Internet-based phone networks that are difficult to trace and shut down)."
The article also pointed out the importance of installing the latest security updates on the Web servers as well as the use of non-obvious passwords to help mitigate these kinds of vishing attacks.
Read the full article on the Washington Post.