Vishing (and SMiShing) Countermeasures




Fraud Investigation & Education
FIS
www.fisglobal.com

Vishing: What is it?

Vishing (also called voice phishing) is the voice counterpart to the phishing scheme. Instead of being directed by an email to a website, the user is asked to make a telephone call. The call triggers a voice response system that asks for the user's personally identifiable information, including: plastic card number, expiration date, CVV2/CVC2, and/or PIN.

To date, two methods of this technique have been identified.

The first method is via email blast. The email blast follows the same concept as a phishing email: it includes false statements intended to create the impression that there is an immediate threat or risk to the financial account of the person who receives the email. Instead of a web link, a phone number is provided, and the person is instructed to call it and provide their personally identifiable information.

[Figure: Example of a vishing email]

cardfraud@fisglobal.com

The second method has been identified as cold call vishing. With this method, the fraudsters use a war dialer program together with VoIP (Voice over Internet Protocol) technology to cover one or more specific area codes. The war dialer is a program that relentlessly dials a large set of phone numbers (cell or landline) in hopes of finding anything interesting, such as voice mail boxes, private branch exchanges (PBX) or even computer modems (dial-up). VoIP is a technology that allows anyone to make a call using a broadband internet connection instead of a regular phone line. VoIP enables the fraudsters to mask or conceal their actual phone number and use a false one to avoid detection. In some cases, the fraudsters have used numbers from local merchants and financial institutions in an effort to gain the trust of the victim.

[Figure: Example of a war dialer program]

SMiShing

Smishing is a spin-off of vishing. In this instance the victim receives a text message on their cell phone implying that there is a threat to their account and requesting a callback to a number provided in the message. The social engineering tactics used are the same as in phishing and vishing attacks; the only difference is the delivery method. Below is an example of a smishing text.

(Financial Institution Name) Alert: You're card starting with XXXX has been deactivated. Please contact us at XXX XXX XXXX to reactivate your card.

Responding to an Attack

Following are tips and recommendations for responding to a vishing/smishing attack.

Staff Preparation:

Procedures should be in place for employees to capture and log information to report the incident. These procedures should include:

- Information on the phone number used in the attack: Request and verify the victim's number that was contacted during the attack.
- Determine by what method the call/message was received: Was it a cell or land line? Was it a voice mail or text message?
- All details of the phone conversation or recorded message: Include the call-out number captured by caller ID or the source of the text message. Also, what type of social engineering method was used? For example: "Your account has been blocked" or "Your account is past due", or more recently "Your account has been breached."
- Determine what information was solicited: You want to capture specific details. For example: were they looking for the card number? Expiration date? PIN number? Get as much information as possible.
- Determine what information the customer provided.
- Identify the callback number used in the attack.
- Research the callback number and the phone carrier: Fone Finder is a website that helps locate the service provider from the first 7 digits of the area code and phone number used. Their website is as follows: http://www.fonefinder.net/

The idea is to collect as much information as you can and to report your findings. (Please see Reporting the Attack below.)

Alert Staff and Customers:

- Notify both staff and customers as soon as a pattern has been identified. Explain what vishing is and what actions can be taken when a call or text message is received.
- Place an article or posting on your website with news of the vishing attempts to inform customers of what's occurring in your area.
- Educational materials about phone fraud can be found at http://www.ftc.gov/bcp/edu/pubs/consumer/telemarketing/tel19.shtm.
- "Who's Calling? Recognize and Report Phone Fraud" is available as a PDF for print and distribution: http://www.ftc.gov/bcp/edu/pubs/consumer/telemarketing/tel19.pdf.
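An added example, not part of the FIS material: a Python intake record holding the items listed under Staff Preparation, with a grouping step that surfaces a pattern when several reports name the same callback number. The field names, the three-report threshold and the sample reports are assumptions made for illustration.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

@dataclass
class Report:
    victim_number: str    # customer number that was contacted
    line_type: str        # "cell" or "landline"
    channel: str          # "voicemail", "call" or "text"
    source_number: str    # caller ID or text-message source
    pretext: str          # social engineering line used
    solicited: tuple      # what was asked for
    provided: tuple       # what the customer actually gave
    callback_number: str  # number the customer was told to call

def normalize(number):
    """Reduce a US number to 10 digits so differently typed reports match."""
    digits = re.sub(r"\D", "", number)
    if len(digits) == 11 and digits.startswith("1"):
        digits = digits[1:]
    return digits if len(digits) == 10 else None

def find_patterns(reports, threshold=3):
    """Group reports by callback number; threshold is an assumed cut-off."""
    groups = defaultdict(list)
    for r in reports:
        key = normalize(r.callback_number)
        if key:  # skip reports with no usable callback number
            groups[key].append(r)
    return {
        number: {
            "reports": len(group),
            "carrier_lookup": number[:7],  # first 7 digits, for the carrier search
            "channels": sorted({r.channel for r in group}),
            "gave_info": sorted({r.victim_number for r in group if r.provided}),
        }
        for number, group in groups.items() if len(group) >= threshold
    }

SAMPLE = [  # constructed reports; all numbers are fictional 555-01xx values
    Report("202-555-0101", "cell", "text", "2025550199", "card deactivated",
           ("card number", "PIN"), (), "(202) 555-0143"),
    Report("202-555-0102", "landline", "voicemail", "2025550198", "account blocked",
           ("card number",), ("card number",), "1-202-555-0143"),
    Report("202-555-0103", "cell", "text", "2025550199", "card deactivated",
           ("card number", "PIN"), ("card number", "PIN"), "202.555.0143"),
    Report("202-555-0104", "cell", "call", "2025550197", "account past due",
           ("expiration date",), (), "202-555-0177"),
]
```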

Reporting the Attack

Once all the information about the attack has been obtained, you'll want to report it as soon as possible to contain it. Listed below are some steps and procedures to help you report the incident.

- Report the incident to local law enforcement: You will need to file a formal report with your local law enforcement agency about the attack.
- Contact the phone carrier's fraud department to get the callback number used in the attack shut down. Phone carriers usually require a police report in order to proceed, so it's important to have the police report on file.
- Report the incident to the FTC (Federal Trade Commission) at http://www.ftc.gov/ or call 1-877-FTC-HELP.
- File a report with the Internet Crime Complaint Center at http://www.ic3.gov/default.aspx

FIS Fraud Management

We provide peace of mind by making electronic transactions safe, simple, and secure.

Contact Us: 1-800-282-7629 cardfraud@fisglobal.com