Powered by Movable Type 3.121
Home The Book Training Events Tools Stats
Web log archive.
A Dispatch

« Fraudulent Domain Registrations | Main | "Spam Wars" Notes »

February 16, 2005

Phishing By Phone (Phphishing?)

I just heard of a scam that has probably been going on for some time but just reached my radar screen. This time, the scam doesn't involve email, but it has all the hallmarks of the phishing scams we've come to know so well.

In this case, a retiree gets a telephone call from someone claiming to be from a bank asking to verify some information. Even if the retiree advises the caller that he or she has no account at that bank, the caller adamantly says that there is a $75 credit on the books, and they need the personal information to confirm that the funds belong to the retiree. The "bank" doesn't have the information, but requires all the information come from the retiree.

Sound familiar?

One recipient of such a call I know was fortunately suspicious, and refused to supply any of the information. The scammer, who had started the conversation with a friendly tone, then threatened to report her to the state's Attorney General's office. This tactic is just like the one used by numerous investment scammers working from telephone boiler rooms. To me, it's a form of elder abuse. Unfortunately, a lot of lonely, polite, and easily confused seniors get taken in by these scams every day.

I know the 419 (advance fee) scams originally started many years ago through postal mail and switched to email with the times (although I also got a junk fax with a 419 scam letter last month). Perhaps someone in law enforcement can tell me if phishing started by phone and migrated to email, or vice versa. I suspect that today's email phishing gangs have opened up a more facile marketplace for the stolen personal identity info.

And I don't expect phone phishers to honor the FTC's Do-Not-Call Registry. The scammers will be on different numbers before anyone could investigate.

Posted on February 16, 2005 at 03:47 PM