The Internet Crime Complaint Center (IC3), which is a partnership between the FBI and the National White Collar Crime Center, has issued an advisory pertaining to a spike in Phishing attacks against telecommunications customers.
According to the IC3, they have received numerous reports of Phishing attacks that are targeting customers of various telecommunication firms. According to reports, the attack starts with a phone call, which claims to originate with the victim’s telecom provider.
From there, they are directed to a website in order to receive a billing credit, discount, or alleged prize ranging from $300 to $500. The domains are nearly perfect replicas of the telecom’s actual portal, which lures the customers into a false sense of security.
On the fake domain, the customer is asked for account usernames and passwords, as well as the last four digits of the customer’s Social Security Number. Once the information is entered, the criminals get a copy of the data – in order to make changes to the customer’s account in the future – and the customer is forwarded on to the legit domain. The FBI advises customers who receive such calls to confirm them with their telecom, but calling the customer service number directly.
In related news, Barracuda Labs has been tracking a Phishing campaign that initially targeted ReMax customers last year, but has since changed tactics in order to leverage the Coldwell Banker brand. The Phishing emails seen as examples on the Barracuda blog target investors, but others are geared towards a more general base, including those seeing to purchase a home.
Following the links in the email direct the potential victim to a Phishing page hosted on a compromised domain, which seeks authentication data for Gmail, AOL, Windows Live, or Yahoo accounts.
“This phishing page takes advantage of the trend towards using well-known web properties as authentication providers,” the Barracuda post explains.
The Phishing portal attempts to pass itself off as offering an OpenID type of service, but does so rather poorly.
“Normally when you [use OpenID] you temporarily visit the website, such as Google, that provides the authentication service. This is a process that unsophisticated users may not pay much attention to. That inattention is exactly what the phisher is hoping for in this case.”