Back in April, fellow blogger Matt was theorizing about a new type of phishing where the phish used a phone system to obtain your information rather than stealing it through a website. Well, it looks like that theory has become reality.
Recently a phishing email was detected that didn’t ask you to view a certain spoofed website, rather, it asked you to call Chase Bank at a phone number and input your information through their system. Problem is, it isn’t Chase. The phone number in the email was actually controled by the phishers as was the automated touch-tone system that requested your SSN, Account Number, etc.
Here is a copy of the email phish:
Dear Customer, We’ve noticed that you experienced trouble logging into Chase Online Banking. After three unsuccessful attempts to access your account, your Chase Online Profile has been locked. This has been done to secure your accounts and to protect your private information. Chase is committed to make sure that your online transactions are secure. To verify your account and your identity please call our Account Maintenance Department at *(888) 555-3406* 24 hours / 7 days a week.
Sincerely,
Chase
Online Customer Service
In Corporate IT security, there is a lot of talk about end-user education — in effect, teaching the employees how to be safe and secure with corporate data. I think this phone phishing example is a case where end-user education is one of the only options. In this case, how do you know who you are calling and how can you confirm it? The 6.5 version of ZoneAlarm goes a long way to protecting you in the offline realm, but I can’t see how any software, credit opt-out, monitoring or detection can protect someone from picking up the phone and dialing a phony number — end-user education and caution may be the only option in this case.
Maybe the best suggestion is to use caution and refer to the company’s website to call their officially listed
phone number to avoid falling victim in cases like this.
I have Zone Alarm Pro on my pc and I have a unknown Internet Pro and it will not stop poping warnings. Why cant your product stop this.And what is your phone number.Want a refund.
Hello,
This is a inquiry for the webmaster/admin here at blog.zonealarm.com.
Can I use some of the information from this blog post above if I give a backlink back to this website?
Thanks,
Peter
Feel free to repost the information. We feel that is valuable information and we are willing to share it
Today we have introduced a blog to our site and we deal with the issue of computer security. Zone Alarm is credited with protecting us! We use Zone Alarm Extreme Security. Only costs £30 per year and that covers 3 computers! We feel safe in their hands. The benefits are enormous – firewall, real time scanning, deep scanning, virtual browsing. The list is endless!