Fraud Alert: Vishing and SMiShing AttacksOctober 14, 2009 -- LSB is passing on the following information to our cardholders. The information is being provided by SHAZAM. The attacks seem legitimate and can be very deceiving. Attack Details The vishing attacks have consisted of either a callback requirement on the part of the victim (For example: the victim is told to call a specific telephone number to release account information, such as a primary account number [PAN], PIN, or expiration date), or required the victim to provide information during the initial call (For example: speak or key in account information). The reported SMiShing attacks, which occur through the use of text messaging, have required that the potential victim either call back a specific telephone number or reply with a text message including the account information the fraudster requested. In attacks where the fraudster demands that the victim enter information during the initial call, defeating the attack can be virtually impossible due to the lack of a callback telephone number. It is also difficult because many of these calls use hacked voice-over-Internet protocol (VoIP) systems that allow attackers to provide an erroneous caller ID. In attacks that require a response by a cardholder to a specific telephone number, these can be defeated fairly quickly by advising law enforcement or professional takedown services of the attack and requesting they contact the telecommunications company hosting the telephone number to have it taken offline. If you are concerned that you may be a victim of an attack like this on your LSB ATM or Debit card, please contact your local LSB office, SHAZAM (800-383-8000), or local law enforcement.
|
|
