Vishing Scam Hits FDIC

Analysts Say Socially Engineered Schemes on the Rise
Telephone-based phishing, or vishing, scams are quickly ranking among the most popular socially-engineered schemes perpetrated by fraudsters. The latest target: The Federal Deposit Insurance Corp., which last week warned of a vishing scam that is duping consumers.

According to the FDIC's statement, the criminals behind the vishing calls allegedly told consumers they were delinquent in loan payments that had been applied for over the Internet or made through a payday lender. The loans may or may not have even existed, giving the vishers an opportunity to collect personal information to confirm the authenticity of the loans. Recipients of the calls said the vishers requested everything from Social Security numbers to dates of birth.

The FDIC-related vishing scam is but one of a number of targeted vishing attacks reported in recent months - a reflection of the growing sophistication of the criminals who perpetrate socially engineered schemes.

Vishing Can be Powerful

In July and August, several community banks and credit unions were targeted in a series of vishing attacks that hit consumers in rural areas. The calls and texts, made to land-line and mobile phones, in most cases claimed that customer accounts from specific institutions had either been compromised or closed, offering the fraudsters an opportunity to collect personal account information.

Mike Urban, senior director of global fraud solutions at FICO, which provides decision-management and predictive-analytics solutions, says vishing scams are expected to increase, as other socially engineered schemes such as e-mail phishing attacks have become more difficult for criminals to pull off.

"The criminals are continuing to leverage communication channels beyond traditional e-mail phishing and disguise themselves behind more trusted names to get consumer information that they can turn into profits," he says.

Vishing itself is a relatively low-tech crime, says Robert Siciliano, a McAfee security consultant and founder of IDTheftSecurity.com. The problem is that it's a socially engineered scheme that is hard to fight. Phishing attacks can be combated with more advanced spam filters. Vishing preys on consumer trust, making the role of customer and member education ever more critical. "Consumers should not respond to any request that comes through on the phone to provide any information that could compromise their identity in any way," he says.

Peter Cassidy of the Anti-Phishing Working Group says the FDIC-related vishing case proves that the financial industry should brace itself for a growing number of more crafty socially engineered schemes. "Vishing can be powerful, in part, because people are used to receiving calls, when it comes to financial information," he says. Couple that power with the ease and low cost of perpetrating a vishing attack, and it's easy to see why these types of attacks are expected to multiply. "Out of 10,000 calls the vishers made, even if they only get a fraction to respond, it's worth it for them," he says.

Using the FDIC or the Internal Revenue Service as a veil also proves that the social-engineering muscle put behind these schemes is getting stronger, Cassidy says. In July, a vishing-by-fax scam hit small U.S. business owners, telling them they were owed tax refunds from the IRS and then asking them to provide personal information in response to the fax.

"The FDIC would never call you, but a lot of people don't know that," he says. "They're used to seeing the FDIC logo on the wall at the bank; they're familiar with the IRS, because they file taxes every year. These guys are getting good at what they do, and it's going to take a unified approach (from the industry) to fight these kinds of attacks."


About the Author

Tracy Kitten


Former Director of Global Events Content and Executive Editor, BankInfoSecurity & CUInfoSecurity

Kitten was director of global events content and an executive editor at ISMG. A veteran journalist with more than 20 years of experience, she covered the financial sector for over 10 years. Before joining Information Security Media Group in 2010, she covered the financial self-service industry as the senior editor of ATMmarketplace, part of Networld Media. Kitten has been a regular speaker at domestic and international conferences, and was the keynote at ATMIA's U.S. and Canadian conferences in 2009. She has been quoted by CNN.com, ABC News, Bankrate.com and MSN Money.



