IA Tip
 
IACT is dedicated to the advancement of cybersecurity education, training and awareness.
 
NEWS FROM IACT
 
Vishing: An Emerging Threat Vector?
 

November 20, 2008

It’s an e-mail from the widow of a Nigerian prince. You’d have to have been living under a rock for the last 10 years to send her back your bank account information. And you’re probably even saavy enough to verify that “about your account” e-mail message actually is from your bank before you click on the link it provides.

But what if it’s a text message from your bank? “Call us at 860-322-5884 to verify your account identity. Thank you.” When you call, you’re prompted to enter your account number and personal identification number.

Guess what? You’ve just surrendered your account information to a criminal – one engaging in “vishing.”

As people get smarter about protecting their personal information, criminals have gotten smarter about trying to get it. “Vishing” is a new twist on the “phishing” scams hackers use to make you think your bank or credit card company is e-mailing you. The “V” in “vishing” is for “voice” or “VoIP.”

Vishing hackers use the Internet to access the Public Switched Telephone Network. They may call you directly, send you an e-mail with a number they want you to call, or send an SMS text message (“smishing”).

“Caller ID can be spoofed, so you just might fall for it,” said Fountainhead College of Technology Vice President Casey Rackley, who with co-author Slade Griffin presented a paper on vishing at the national 2008 InfoSecCD conference at Kennesaw State University in Georgia in September.

Rackley said vishing emerged because of growing public skepticism of Internet information requests. However, she warned, many people who wouldn’t dare type their bank account information into a Web page don’t exercise the same caution when they receive what appears to be a call from their bank.

Rackley coordinates Fountainhead’s Center for Information Assurance and Cybersecurity Training (IACT), which offers training and support in cybersecurity, not only for the college’s students, staff and faculty, but also for local law enforcement, government agencies and information technology professionals.

The IACT grew out of Fountainhead’s initiative to offer a curriculum that includes information security training, which it did first in 1999, with an associate’s degree program in Information Technology. In 2003, the college became the first in the Southeast to offer a bachelor’s degree with a focus on computer security.

Rackley and Griffin’s vishing paper, which was well received by conference participants, will be published digitally by the Association of Computing Machinery. Read the paper here. http://www.iawire.org/Shared_IA_Resources_Vishing.shtml

For more information, please visit the official IACT website at: http://www.iawire.org, or contact Casey Rackley, Program Coordinator at casey.rackley [at] fountainheadcollege [dot] edu.
 
 
Colloquium for Information Systems Security Education (CISSE)
Copyright ©2004, 2005, 2006 Fountainhead College of Technology

We welcome the usage of various materials available on this website for educational purposes.
Commercial use of the material on this website is strictly prohibited.
Please refer to our Usage Policy for further information.