By ANDREW LAVALLEE
For some time, banks and credit-card companies have been warning
computer users about so-called phishing emails that link to
counterfeit Web sites where customers are asked to enter their account
numbers and other personal information.
Now, savvy con artists are adding a new twist dubbed "vishing."
Customers of Santa Barbara Bank & Trust recently received emails
telling them that their accounts with the company's online banking
system had been disabled after the bank detected unauthorized access.
They were told to dial a telephone number (with a local, Southern
California area code) where an automated voice prompted them to enter
their account numbers, personal-access codes and other details. It's
not clear who was on the other end of the phone line, but it wasn't
Santa Barbara Bank & Trust.
The incident was among the latest in a string of vishing, or voice
phishing, attacks. Security experts say such schemes are made possible
by Internet-telephone services, which allow computer users to quickly
establish phone numbers, often without undergoing some of the
verification checks used by traditional telephone companies. Also,
Internet phone companies dole out numbers with a choice of area code,
regardless of where in the country -- or world -- the user is
located. That can make it much more difficult to locate fraudsters.
The Federal Bureau of Investigation said it has traced the Santa
Barbara scheme to computers inside and outside the U.S., but so far
hasn't made any arrests. The phone number has been deactivated.