I got a phishing email a few minutes ago, this one purporting to be from Western Union, which in an of itself is nothing new. I get at least 5 phishing emails a day, and average at least one "from" Western Union a week. But the thing that interested me in the email was that they included the phone number for Western Union's customer service number. Probably nothing new (I'm tired, it's late) but a thought occurred to me: "What if that's not the real number? What if that forwards to some phishers?" and I thought about it some more. It wouldn't be that hard or cost that much for someone overseas to set up a call center and route calls that are supposed to be going to Western Union or Citibank, etc to the call center where people's information can be stolen. I think that we'll start to see this more. The downside is, of course, the extra people that need to get paid and the extra people that can help the authorities if the phishers get caught...which limits the effectiveness of this attack, but there's another, more interesting alternative: VoIP URLs. Skype already offers the ability to use a skype:// or call-to:// URL structure, which should activate Skype and place the call.
Imagine a world where more people are using VoIP and get these phishing emails which encourage people to call up and it all routes to one person on a cellphone through Skype? Low cost, low risk, easy to implement...it's going to come people, the only question is when.
Leave a comment