
	Home > Ask the Security Experts > Expert Archive: Information Security Threats Questions & Answers > Investigating phone phishing calls

Ask The Security Expert: Questions & Answers

EMAIL THIS

Investigating phone phishing calls

EXPERT RESPONSE FROM: Ed Skoudis

		Pose a Question

		Other Security Categories

		Meet all Security Experts
		Become an Expert for this site

Digg This!

StumbleUpon

Del.icio.us

QUESTION POSED ON: 27 June 2007
I recently started receiving a voicemail message, arriving at about the same time each day. In the message, someone claims to have an "important message" for me and leaves a number for me to call back. I figure that it's a spam phishing call, but I am not sure how to respond or get the messages to stop coming. What's your advice?

EXPERT RESPONSE
Well, it certainly could be an example of phone-phishing, an evolving trend today. (About a year ago, I wrote a brief article that addressed VoIP phone phishing attacks.) You could choose to ignore the calls, but such things often pique my curiosity. To investigate and find more information, you should use a public payphone. You remember payphones, don't you? In ancient times, people used coins to pay for public phone calls. If you look in your local shopping mall (or the Smithsonian museums), you likely can still find a coin-operated payphone.

Call the number from the payphone and see who or what answers. But, do not give away any information about yourself. Don't reveal your name, phone number or anything else. Don't even provide them any numbers that were left in the voicemail that you received, unless you want to take your experiment to the next level.

Now, if you do want to go to the next level, you may want to type in a number that they have likely left for you in your voice mail, a reference number that the phishers have no doubt associated with your telephone number as they dialed it. That way, they can track who calls back. But, if you do type that number in, you are identifying your own phone number as someone who will respond to such solicitation. Typing in these reference numbers may help you get more juicy tidbits about what their goal is, but you also may start getting even more of these voice messages as a result. It's up to you to determine if you want to take the chance.

As for stopping the calls… good luck. That can be very difficult if you don't know what organization is making the calls. You can report the activity to the Federal Trade Commission as a possible violation of their Do Not Call list. If you haven't already, you may want to register for the federal Do Not Call list. The commission may even investigate your complaint. Without the name of the organization that is calling you, however, the FTC won't have much to go on.

More information:

Learn some defensive measures for new phishing tactics.

Read an excerpt from Hacker's Challenge 3: Big Bait, Big Phish.

Digg This!

StumbleUpon

Del.icio.us

RELATED CONTENT

	Phishing
	Product Review: Sophos Endpoint Security and Control 8.0
	EV SSL certificates won't stop phishers, researchers say
	Apple iPhone mail, Safari prone to spoofing
	ING hopes to cut phishing attacks with encryption software
	Companies still monitoring email manually, survey finds
	Trojan downloaders, droppers skyrocket, Microsoft says
	New phishing, Zeus Trojan technique spreads crimeware
	New Storm attack exploits April Fool's Day
	Clinton, Obama campaigns used in spam blasts
	How secure is online banking today?
	Phishing Research

Expert Archive: Information Security Threats

Are there antivirus suites that pick up more than just run-of-the-mill viruses?

What tools can a hacker use to crack a laptop password?

Are social networking sites an easy target for malicious hackers?

What are the dangers of cross-site request forgery attacks (CSRF)?

Should social engineering tests be included in penetration testing?

What kind of data is compromised during a Google hack?

Best practices for using restriction policy whitelists

Defining mobile device security concerns

What are the risks associated with RIM's line of PDAs?

What security measures can be taken to stop crimeware kits?

RELATED GLOSSARY TERMS

Terms from Whatis.com − the technology online dictionary

crimeware (SearchSecurity.com)

pharming (SearchSecurity.com)

phishing (SearchSecurity.com)

Rock Phish (SearchSecurity.com)

spear phishing (SearchSecurity.com)

RELATED RESOURCES

2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems

Search Bitpipe.com for the latest white papers and business webcasts

Whatis.com, the online computer dictionary

Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.

Browse our Expert Advice
Operating Systems IT Management Networking Database	Security Servers and Storage Applications and Development Career Center

Find Security Solutions for Your Business
Targeted Security Channel Tips for Resellers, Integrators and Consultants

View this month\\'s issue and subscribe today.

Apply online for free conference admission.

SEARCH :

Site Index

TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.


TechTarget Corporate Web Site \| Media Kits \| Reprints \| Site Map All Rights Reserved, Copyright 2003 - 2008, TechTarget \| Read our Privacy Policy