Recent Posts

Community

Email Notifications

Personal Links

Archives

Security Protection - Harry Waldron (CS)

Security Best Practices, Breaking News, & Updates

Best Practices - Don't call phone numbers in spam email

Email Spam authors continue to craft highly convincing schemes. For example, they can use disposable phones and even spoof the caller-ID display number so it appears to be officially coming from a bank or credit union. They may ask for highly confidential information (e.g., SSN, bank account, credit cards). Finally, if information is revealed, they can use this in identity theft or direct fraud attacks w00t.gif

The specific attack documented by the Internet Storm Center is one where the email recipient appears to have their credit card or bank account locked out due to highly unusual activity. If individuals panic and rely on these email messages, the phone call may appear to be legitimate as they provide sensitive details related to their accounts. Later, they may become victims where it could weeks or months to straighten these matters out.

If you receive phone numbers in suspicious documents and are unsure, contact the bank or firm directly using the publicly listed phone numbers in the phone directory or at their official websites instead.

Social Engineering Techniques - Don't call phone numbers in spam email
http://isc.sans.org/diary.html?storyid=3639

QUOTE: From an awareness point of view to your customers and users:

* not only to teach your users not to follow links in (possible) phishing messages, but to use bookmarked URLs instead

* but to also tell them to use only contact data from a safe location (and especially nothing originating directly or indirectly from the email message itself)

protect.gif Below is also an excellent site to help validate toll free numbers, where the caller-ID information is listed as Private or Unavailable

Site listing Suspect Toll Free Phone Numbers
http://800notes.com/

News related Toll Free calls
http://800notes.com/articles/NewsList.aspx

Best Practices - Toll Free Calls
http://800notes.com/articles/ArticleList.aspx

Comments

Windows Vista News said:

Interesting: msmvps.com

# November 14, 2007 9:15 AM

Best Practices - Don't call phone numbers in spam email said:

Pingback from  Best Practices - Don't call phone numbers in spam email

# November 14, 2007 9:45 AM

DF said:

My family's telephone protocol is 1) dont' answer if the Caller-ID says "Private", "Unavailable", or something similar, and 2) Don't use any e-mail message as the source of a telephone number.  Use a different source instead, like a bank statement or telephone book.

# November 14, 2007 9:52 AM

Harry Waldron said:

DF shares some excellent recommendations, as this is similar to the approach we use in our family :)

# November 14, 2007 11:13 AM

Credit Cards: Low Interest Cash Reward Cards » Best Practices - Don't call phone numbers in spam email said:

Pingback from  Credit Cards: Low Interest Cash Reward Cards » Best Practices - Don't call phone numbers in spam email

# November 14, 2007 12:09 PM

Credit Cards: Low Interest Cash Reward Cards » Best Practices - Don’t call phone numbers in spam email said:

Pingback from  Credit Cards: Low Interest Cash Reward Cards » Best Practices - Don’t call phone numbers in spam email

# November 14, 2007 2:28 PM

www.topcreditcardsadvice.info » Best Practices - Don't call phone numbers in spam email said:

Pingback from  www.topcreditcardsadvice.info » Best Practices - Don't call phone numbers in spam email

# November 14, 2007 11:19 PM

www.bestdebtarticles.info » Best Practices - Don't call phone numbers in spam email said:

Pingback from  www.bestdebtarticles.info » Best Practices - Don't call phone numbers in spam email

# November 14, 2007 11:50 PM