Identity Theft Expert Robert Siciliano
Many of today’s automated processes are designed with security and/or convenience in mind. For example, if a credit card company’s anomaly detection software detects irregular spending on your credit card, the software may freeze your account or call you to make sure you are in fact the one making the charge. While this may help to secure you, it may also inconvenience you if you are traveling overseas and are declined, or are just in a hurry and trying to catch a flight.
These same technologies may or may not involve a human at different touch points during their activation periods. What’s happening today is that the bad guys are figuring this out: they are determining when these touch points occur and tricking the system so they can move forward with their fraudulent activities.
In some cases, when a money transfer prompts an automated call alerting the account holder to the transaction, the only requirement of the system is to make the call. The automated system doesn’t necessarily have to talk to a human, and the human doesn’t need to do anything. This seems like a flawed system.
In the case of a Florida doctor, a telephony denial-of-service attack flooded the victim’s phone with diversionary calls while the thieves drained the victim’s account. In some cases, the victim heard recordings from sex chat lines, and in other calls he heard dead air when answering the phone. Sometimes he heard a brief advertisement or other recorded message.
Wired reports the doctor discovered that $399,000 had been drained from his Ameritrade retirement account. About $18,000 was transferred, then an $82,000 transfer followed two days later. Five days after that, another $99,000 was drained, followed by two transfers of $100,000. The thieves withdrew the money in New York.
Most likely the initial compromise was via a phishing email that he responded to. Once he responded to the phish, the criminals began setting up VoIP telephone systems to bombard his telephone lines so he couldn’t answer the phone to receive the alert.
Currently, any financial institution that employs technology that automatically relies on the telephone system to notify account holders of a transaction is at risk.
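The notify-only design described above can be contrasted with one that requires a human acknowledgement before funds move. The sketch below is an added example, not code from any institution or from this article; the policy names, call-outcome categories and the escalation threshold are assumptions, and the call outcomes in the sample are constructed.

```python
from dataclasses import dataclass
from enum import Enum


class Call(Enum):          # outcome of one automated alert call (names are assumptions)
    CONFIRMED = 1          # holder answered and approved, e.g. by keypress
    DENIED = 2             # holder answered and rejected the transfer
    BUSY = 3               # line engaged, as it would be during a call flood
    NO_ANSWER = 4
    VOICEMAIL = 5


@dataclass
class Transfer:
    amount: int
    calls: list            # outcomes of the alert calls placed for this transfer


def notify_only(t):
    """Weak policy: placing the call satisfies the control; the outcome is ignored."""
    return "release" if t.calls else "hold"


def ack_required(t, unreachable_limit=2):
    """Hardened policy: only an explicit human confirmation releases funds."""
    if Call.DENIED in t.calls:
        return "block"
    if Call.CONFIRMED in t.calls:
        return "release"
    unreachable = sum(c in (Call.BUSY, Call.NO_ANSWER) for c in t.calls)
    # Repeated failure to reach the holder is itself a signal worth escalating.
    return "escalate" if unreachable >= unreachable_limit else "hold"


def released_total(transfers, policy):
    return sum(t.amount for t in transfers if policy(t) == "release")


# Constructed sample: amounts are the five transfers in the article; the call
# outcomes are invented to model a phone line saturated by diversionary calls.
FLOODED = [
    Transfer(18_000, [Call.BUSY, Call.BUSY]),
    Transfer(82_000, [Call.BUSY, Call.NO_ANSWER, Call.BUSY]),
    Transfer(99_000, [Call.VOICEMAIL]),
    Transfer(100_000, [Call.BUSY, Call.BUSY]),
    Transfer(100_000, [Call.NO_ANSWER, Call.BUSY]),
]

if __name__ == "__main__":
    for policy in (notify_only, ack_required):
        print(policy.__name__, released_total(FLOODED, policy),
              [policy(t) for t in FLOODED])
```

Under the notify-only policy every transfer is released because a call was placed; under the acknowledgement policy nothing moves, and the repeated busy signals are surfaced for manual review.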
If you mistakenly respond to a phish email and give up your data, knowingly or unknowingly, and find yourself being bombarded with a flurry of odd phone calls, it may be a sign you’re being scammed.
Robert Siciliano Identity Theft Speaker discussing criminal hackers on Fox News.
ROBERT SICILIANO, CEO of IDTheftSecurity.com is fiercely committed to informing, educating, and empowering Americans so they can be protected from violence and crime in the physical and virtual worlds. His "tell it like it is" style is sought after by major media outlets, executives in the C-Suite of leading corporations, meeting planners, and community leaders to get the straight talk they need to stay safe in a world in which physical and virtual crime is commonplace. Siciliano is accessible, real, professional, and ready to weigh in and comment at a moment's notice on breaking news.