The FBI is warning that denial-of-service attacks - when computer hackers take down websites by flooding them with large amounts of traffic - are being moved to telephones. But it turns out, the flood of annoying calls are simply a diversionary tactic: while the lines are tied up, the criminals--masquerading as the victims themselves--are raiding the victims' bank accounts, online trading or other money management accounts.
Here, in a nutshell, is how the whole thing works:
* Weeks or months before the phone calls start, a criminal uses social engineering tactics or malware to elicit personal information from a victim that this person's bank or financial institution would have--like account numbers and passwords. Perhaps the victim responded to a bogus e-mail phishing for information, inadvertently gave out sensitive information during a phone call, or put too much personal information on social networking sites that are trolled by criminals.
* Using technology, the criminal ties up the victim's various phone lines.
* Then, the criminal either contacts the financial institution pretending to be the victim...or pilfers the victim's online bank accounts using fraudulent transactions. Normally, the institution calls to verify the transactions, but of course they can't get through to the victim over the phone.
* If the transactions aren't made, the criminals sometimes re-contact the financial institution as the victim and ask for it to be done. Or they add their own phone number to victims' accounts and just wait for the bank to call.
By the time the victim or the financial institution realizes what happens, it's too late.
Law enforcement and industry response
While the lines are tied up, the criminals are raiding victims' accounts.
The FBI first learned about this emerging scheme through one of its private industry partners, which told us how a Florida dentist lost $400,000 from his retirement account after a denial-of-service attack on his phones.
And as of April of this year, there has definitely been a noticeable surge in telephone denial-of-service attacks, with numerous incidents having been reported in several Eastern states.
To help fight these schemes, the FBI has teamed up with the Communication Fraud Control Association--comprised of security professionals from communication providers--to analyze the patterns and trends of telephone denial-of-service attacks, educate the public, and identify the perpetrators and bring them to justice.
The FBI recommends consumers take these precautions:
* Never give out personal information to an unsolicited phone caller or via e-mail.
* Change online banking and automated telephone system passwords frequently.
* Check your account balances often.
* Protect your computers with the latest virus protection and security software
If you think you may have been targeted by a telephone denial-of-service attack, contact your financial institution and your telephone provider, and file a complaint with the FBI's Internet Crime Complaint Center.
Source: FBI Press Room
Here, in a nutshell, is how the whole thing works:
* Weeks or months before the phone calls start, a criminal uses social engineering tactics or malware to elicit personal information from a victim that this person's bank or financial institution would have--like account numbers and passwords. Perhaps the victim responded to a bogus e-mail phishing for information, inadvertently gave out sensitive information during a phone call, or put too much personal information on social networking sites that are trolled by criminals.
* Using technology, the criminal ties up the victim's various phone lines.
* Then, the criminal either contacts the financial institution pretending to be the victim...or pilfers the victim's online bank accounts using fraudulent transactions. Normally, the institution calls to verify the transactions, but of course they can't get through to the victim over the phone.
* If the transactions aren't made, the criminals sometimes re-contact the financial institution as the victim and ask for it to be done. Or they add their own phone number to victims' accounts and just wait for the bank to call.
By the time the victim or the financial institution realizes what happens, it's too late.
Law enforcement and industry response
While the lines are tied up, the criminals are raiding victims' accounts.
The FBI first learned about this emerging scheme through one of its private industry partners, which told us how a Florida dentist lost $400,000 from his retirement account after a denial-of-service attack on his phones.
And as of April of this year, there has definitely been a noticeable surge in telephone denial-of-service attacks, with numerous incidents having been reported in several Eastern states.
To help fight these schemes, the FBI has teamed up with the Communication Fraud Control Association--comprised of security professionals from communication providers--to analyze the patterns and trends of telephone denial-of-service attacks, educate the public, and identify the perpetrators and bring them to justice.
The FBI recommends consumers take these precautions:
* Never give out personal information to an unsolicited phone caller or via e-mail.
* Change online banking and automated telephone system passwords frequently.
* Check your account balances often.
* Protect your computers with the latest virus protection and security software
If you think you may have been targeted by a telephone denial-of-service attack, contact your financial institution and your telephone provider, and file a complaint with the FBI's Internet Crime Complaint Center.
Source: FBI Press Room
NEWSLETTER SIGN UP
SUBSCRIBE
CONTACT
Leave a comment