Wednesday, February 28, 2007

VOIP scam

That is Voice Over Internet Protocol. I am a bit sensitive to this as I use Vonage for my office telephone and I think more of us are going to VOIP telephone service. (Insight has jumped into this with a bevy of commercials touting their telephone service.) So should we be surprised that there are scams?

Vishing is really just a new take on an old scam -- phishing. You know the drill: you get an e-mail that claims to be from your bank or credit card company asking you to update your account information and passwords (perhaps, it says cleverly, because of fraudulent activity) by clicking on a link to what appears to be a legit Web site. Don't do it, of course. It's just a ruse, nothing more than an illegal identity theft collection system.

Vishing schemes are slightly different, with a couple of variations:
  • In one version, you get the typical e-mail, like a traditional phishing scam. But instead of being directed to an Internet site, you're asked to provide the information over the phone and given a number to call. Those who call the "customer service" number (a VoIP account, not a real financial institution) are led through a series of voice-prompted menus that ask for account numbers, passwords, and other critical information.
  • In another version you're contacted over the phone instead of by e-mail. The call could either be a "live" person or a recorded message directing you to take action to protect your account. Often, the criminal already has some personal information on you, including your account or credit card numbers. That can create a false sense of security. The call came from a VoIP account as well.
Vishing has some advantages over traditional phishing tricks. First, VoIP service is fairly inexpensive, especially for long distance, making it cheap to make fake calls. Second, because it's Web-based, criminals can use software programs to create phony automated customer service lines.

If you are using a VOIP telephone service, please read the rest of the article here.