Doctored bank alert includes phony phone number.
A spammed-out email has been spotted posing as a phishing warning from US credit union
Kessler Federal
, with some very sensible advice for customers including genuine contact details for reporting phishing attempts and assertions that no requests for login details will ever be sent by email. In a cunning twist, the messages include a contact phone number, which if called leads to an automated system requesting bank account details including PIN numbers.
The subtle vishing attempt banks on the serious tone of the message to lull readers into trusting its content, and yet ignoring its advice to be skeptical about contact links provided in unsolicited emails.
More details on the fraud attempt are at
Sophos
here
, and a further warning is currently on
Kessler Federal
‘s homepage
here
.
Posted on 21 February 2008 by
Virus Bulletin
Leave a Reply