Messaging security provider Cloudmark blocks VOIP-based phishing attacks

April 26, 2006

2 Min Read

SAN FRANCISCO -- Cloudmark, Inc., the proven leader in messaging security solutions for service providers, enterprises and consumers, has identified and begun blocking phishing attacks carried out over voice over IP (VoIP) systems to spoof an unwitting target’s financial institution. Scammers posing as banks are emailing people to dial a number and enter personal information needed to gain access to their finances. Cloudmark warns that VoIP services can reduce the costs associated with conducting such attacks, providing the perpetrators with less risk of discovery, and urges recipients of suspicious messages to notify their service providers immediately.

By combining a global threat detection network leveraging real-time reporting by trust-rated users with a unique fingerprinting methodology, Cloudmark is able to identify and begin blocking new spam, phishing and virus attacks within moments, versus hours or days required with competing solutions. Noted for industry-leading speed in detecting and deterring new threats, Cloudmark is uniquely capable of accurately identifying and blocking these spoofed-number attacks. The company detected two new VoIP-specific attacks this week. As a precaution, Cloudmark advises against dialing phone numbers received in emails from institutions and to double-check and dial the numbers printed on ATM cards instead.

Adam J. O’Donnell, Ph.D., senior research scientist at Cloudmark, says, “We’ve seen two separate VoIP attacks hit our network this week, the first we’ve been able to analyze in detail. In these attacks, the target receives an email, ostensibly from their bank, telling them there is an issue with their account and to dial a number to resolve the problem.” Callers are then connected over VoIP to a PBX (private branch exchange) running an IVR system that sounds exactly like their own bank’s phone tree, directing them to specific extensions. In a VoIP phishing attack, the phone system identifies itself to the target as the financial institution and prompts them to enter account number and PIN. “The result,” O’Donnell surmises, “can be personally financially devastating.”

Cloudmark Inc.

Subscribe and receive the latest news from the industry.
Join 62,000+ members. Yes it's completely free.

You May Also Like