Posted by Virus Bulletin on Feb 21, 2008
Doctored bank alert includes phony phone number.
A spammed-out email has been spotted posing as a phishing warning from US credit union Kessler Federal. It offers some very sensible advice for customers, including genuine contact details for reporting phishing attempts and assertions that no requests for login details will ever be sent by email. In a cunning twist, the messages also include a contact phone number which, if called, leads to an automated system requesting bank account details, including PINs.
The subtle vishing attempt banks on the serious tone of the message to lull readers into trusting its content while ignoring its own advice to be skeptical about contact links provided in unsolicited emails.
More details on the fraud attempt are available from Sophos, and a further warning is currently on Kessler Federal's homepage.