IP Communications

Welcome to TMCnet.com
TMC Launches New Sites: Cable 4G Wireless Evolution  |  Satellite  |  Green Tech  | IT | IVR |  ITEXPO East begins in:   REGISTER NOW!
Columnists:
...more
E-mail this page to a friend Order reprints online Print this page Bookmark this page Free magazines Free newsletters RSS-XML alerts

 

Back toIP CommunicationsCommunity

 

July 28, 2006

MessageLabs: Scammers Using Social Networking Sites, VoIP, to Launch Attacks


By Patrick Barnard
TMCnet Assignment Editor
The most recent Intelligence Report from MessageLabs, a provider of integrated messaging and web security services to businesses worldwide, shows a shift in the types of security threats now proliferating on the Internet. According to the report, cybercrooks are increasingly using online communications tools as a new means of targeting victims.

Although the overall threat level has remained relatively stable in recent months, the company’s July report shows that criminals are increasingly targeting social networking sites, such as MySpace.com, in their attempt to capitalize on user ignorance in order to extract personal information for the purpose of committing identity theft. Criminals have also stepped up their attacks in recent weeks using certain online communications tools, including AOL’s Instant Messaging service (AIM) and Google’s (News - Alert) Gmail service.

Of particular interest, the report shows an increasing threat from a new form of phishing which uses VoIP phone numbers to lure victims into giving away personal information over the phone. The report finds VoIP is becoming the new platform of choice for cybercrooks engaging in various phone and email scams.

TMCnet first reported on VoIP phishing scams back in April, when Cloudmark, a leading provider of spam, phishing and virus detection solutions, reported that it had detected and prevented several VoIP phishing scams on its network.

In those particular scams, which were among the first of their kind, the phishers would send and email to a targeted victim. The emails, which were designed to appear to have come from the victim’s bank, told the victim that their account had in some way been compromised, and that they needed to contact the bank via a toll free number provided in the email. The number, however, was a “fake” VoIP number which connected the victim to an IP-PBX (i.e. phone system) which had been set up by the phishers in a remote location. Once the victim had dialed into the IP-PBX, they would encounter a “phone tree,” or voice recognition system, which the phishers had ingeniously “copied” from the bank’s phone system – thus putting the victim in a phone system which would seem both legitimate and “familiar.” The system would then prompt the victim to enter his or her credit card number, and several other pieces of information, which was then recorded onto the IP-PBX. The phishers could then use the information to make fraudulent charges on the victim’s credit card.

The latest permutation of VoIP phishing, called “vishing,” doesn’t involve email. With these scams, the potential victim’s phone rings and an automated voice message tells him there may have been fraudulent charges on his credit card. The message provides a toll-free number to call, and when the victim dials it, he is prompted to enter his credit card number, date of expiration, and perhaps other information which the “vishers” can use to make fraudulent charges. In addition, vishers can also easily “spoof” someone’s caller ID to make it appear that the call is coming from legitimate bank or other financial institution.

In both cases, the victim never actually speaks to a live person – the automated phone system does all of the work.

Part of what is driving these scams is the fact that VoIP technology is getting cheaper and is now widely available. Just about any programmer with basic knowledge of VoIP and how it is deployed can set up a bank of “fake” numbers which can be used to lure victims. In addition, the phone systems - including both the hardware and software - have also become more affordable in recent years, thus making it easy for vishers to set up “fake” phone systems (they can even “record” or copy the original auto-attendants’ voice from a bank’s phone system over to their IP-PBX). Because VoIP numbers can be set up and broken down in just minutes, it is almost impossible for law enforcement to track the numbers being used and thus arrest the bad guys. (Usually, the numbers are valid for only a few hours, while the activity is going on, and they are broken down before law enforcement can track them. Plus, it is also possible to use a phone number to route calls to another number which could be anywhere in the world). Furthermore, the new phone systems are fairly easy to set up and take down, are relatively inexpensive, and are readily transportable.

“This clearly demonstrates the constant level of innovation by cyber criminals to leverage new modes of Internet level communication and capture a victim’s personal identity,” said Mark Sunner, chief technology officer of MessageLabs, in a press release.

According to MessageLabs’ July report, phishing (including “vishing”) attacks increased 0.03 percent during the past month, with one in every 459.8 (0.22 percent) emails being a phishing attack. The number of phishing attacks as a proportion of all email-borne threats increased by 2 percent.

The report finds that phishing now accounts for 21 percent of all malicious emails, worldwide, an increase of 9.6 percent compared to July 2005.

“MessageLabs predicts phishing to continue to increase in the coming months, as attacks continue to evolve and become smarter, making it an attractive space for cyber-criminals to infiltrate and be an issue for both the enterprise and consumer alike,” the press release states.

The MessageLabs Intelligence Report tracks the quantities of spam and viruses on networks all around the world. The July report shows that, during the past month, Israel was the most spammed country, with spam accounting for 77.3 percent of all email. Meanwhile, India continues to bear the brunt of virus attacks, with 1 in every 11.1 emails containing a virus.

Meanwhile traditional email spam is down about 2 percent since June. The report shows that in July, 62.7 percent of all email worldwide came from known or unknown “bad” sources (1 in 1.59 emails).

The percentage of emails with viruses destined for valid recipients was 1 in every 96.6 emails (1.04 percent), an increase of 0.05 percent since June.

According to MessageLabs, “large scale virus outbreaks have almost become a thing of the past, as attacks are becoming increasingly more targeted with specific business aims.”

Citing other geographic trends, the report finds that India continues to be the most affected country in terms of email viruses, with one in 11.1 (9 percent) emails containing a virus during the month June. Although that country saw a slight drop in the amount of virus-infected emails, it remained at the top of the virus chart for the fifth consecutive month. Germany saw the greatest increase in virus traffic, with one in 36.5 emails containing a virus – an increase of 1.4 percent over the previous month. Belgium is the least affected country, with one in 149.2 emails containing a virus.

In addition to geographic trends, the report also tracks the amount of email spam and viruses affecting specific industries and other vertical trends.

To get a copy of the report, visit http://www.messagelabs.com/Threat_Watch/Intelligence_Reports.

--------

Patrick Barnard is Associate Editor for TMCnet and a columnist covering the telecom industry. To see more of his articles, please visit Patrick Barnard’s columnist page.

 

Back to IP Communications Community
 
 
E-mail this page to a friend Order reprints online Print this page Bookmark this page Free magazines Free newsletters RSS-XML alerts

Subscribe FREE to all of TMC's monthly magazines. Click here now.
Advanced