Phone Phishing

This evening I received a strange phone call on my cell.  All of my numbers are on the Do Not Call Registry.  This call was an automated system informing me that my Visa card was just blocked for internet purchases.  It instructed me to call a toll free number or press one to get connected to their security department.  This seemed like a typical phishing email, but I have never seen, heard of, or experienced this in the form of a phone call.  I was amazed.

The phone number calling me was 203-227-5533, which Google says is Weston Capital Management.  What I suspect is that their PBX system was broken into.  Someone could have used it to launch a bunch of automated phone calls while they get stuck with the bill.  There was even a posting at the Internet Storm Center regarding an increase of scans for specific Trixbox PBX systems.  Pretty scary as Weston Capital Management might have a phone bill in the hundreds of thousands of dollars.  The Nerd Vittles blog recently put up a post talking about Asterisk security.  Someone out there is always trying to pull some scam, so best to protect yourself.


One Response to “Phone Phishing”

  1. John Morris Says:

    CallerID can be faked easily with Asterisk and some Internet to PSTN gateway services that allow you to set your own CallerID, such as Vitelity. Services that allow this are becoming fewer and fewer, presumably because of abuse (Remember Paris Hilton's voicemail break-in? T-Mobile didn't require a voicemail password if your CallerID matched your voicemail box.). It's too bad, because there are actually legitimate reasons to set the CallerID on outgoing calls, such as setting up a calling card service. Anyway, Weston Capital's PBXs weren't necessarily compromised, and we can surely expect more and more of these phishing attempts in the future.
