Cloudmark: "Phishers" trawling in VoIP waters

Messaging security solutions provider Cloudmark says that it is seeing a new form of  of phishing (email fraud) attack in which attackers masquerade as financial institutions and send emails urging recipients to call phone numbers to correct problems.

Cloudmark found one attack that spiked in the middle of April. That's a schematic at the top of the post. 

Those numbers, though, are VoIP-related. And that's not a good thing.

Here's how it works. When they dial in, recipients of these emails hear phone selections that sound an awful lot like "Press 1 for.." phone trees commonly used by banks. During that process, they are asked to enter their account number, PIN number or Social Security numbers.

What is actually happening is that these unwitting callers are connecting to automated attendants carried on VoIP systems. Cloudmark says "the use of VoIP makes it easier for criminals to generate and delete new numbers very quickly and cheaply, making it harder for traditional anti-spam and phishing solutions to flag fraudulent phone numbers and for authorities to trace the numbers to perpetrators."

The company positions Cloudmark Desktop as a solution that will stop at least 98% of email phishing attacks-VoIP or no.