The e-mail looks important: “National 1st Credit Union temporarily suspended your account. Reason: Billing failure.” Further down, it tells you to call this number to reactivate: 201-621-5813.
The e-mail is a scam, sent by criminals who are trying to trick you into divulging sensitive information such as your bank account number and password. But in this case, victims have caught a break. Instead of reaching scammers, people who dial this number get a message from the U.S. Federal Trade Commission.
“The telephone number you have just called has been disconnected because it may have been involved in a scam,” the message says. “That message was a trick. It’s called phishing. Because scammers go fishing for information about you or your financial account.”
The FTC has been trying to educate U.S. consumers about phishing for several years now, but about six months ago it decided to make this message available to companies that take down so-called vishing scams. Similar to phishing, vishing scammers send out phony e-mail messages, trying to trick victims into giving up sensitive information. Instead of directing victims to fake Web sites, however, vishers send their victims to a fake automated response system, run on a low-cost VoIP (Voice over Internet Protocol) system.
Vishing makes up less than 1 percent of the fraudulent e-mail tracked by the Anti-Phishing Working Group, but because some people are more likely to trust a telephone number than a Web site, it can be effective.
By putting educational messages on the scammers’ former numbers, the FTC hopes to crack down on the scams. “The idea here is, ‘Let’s provide them with some information.’ These are people who are actually in the midst of responding to a fraudulent message,” said Nat Wood, assistant director with the FTC’s Bureau of Consumer Protection.
Some telecommunications carriers post a similar version of the message that they create themselves, Wood said.
Vishing seems to be a growing problem, for consumers and for technology companies that use VoIP systems.
On Friday, the U.S. Federal Bureau of Investigation warned of a variation of a new type of vishing attack. By exploiting a bug in the open-source Asterisk VoIP software, criminals have been able to use vulnerable Asterisk systems as their own personal auto-dialers and call potential victims directly. The attack can generate “thousands of vishing telephone calls to consumers within one hour,” the FBI said in an
advisory posted to the Internet Crime Complaint Center (IC3).
The FBI is urging Asterisk users to upgrade their software immediately so that their VoIP systems are not vulnerable to this bug.
Although phishing and vishing scams haven’t been a big problem for National 1st, the bank is happy to have the FTC messages on the numbers used by scammers, according to Marcia Elaine Lillis, president and CEO of National 1st. “I think every little bit anybody does helps,” she said.