Threat Level: green Handler on Duty: Russ McRee

SANS ISC: Request for info: Robocall Phishing Against Local/Regional Banks - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Request for info: Robocall Phishing Against Local/Regional Banks

Last week, my wife got an automated call from a bank with only a local presence that her debit card was deactivated. The call went to her cell phone.  She wasn't a customer of that bank so it was easy for her to discard the call (I am a customer with my commercial accounts).  It seems they simply wardialed every phone number with the right area code and three digit exchange in the area of that bank.

Looking to correlate data, the attack isn't new or particularly novel, but curious if it has been seen this month in other areas of the United States.  Please drop a line with some details if so.

It goes without saying, if someone calls you asking for personal information, ask for a call back number and/or tell them you will call the customer service number in the phone book.

Thanks!

--
John Bambenek
bambenek \at\ gmail /dot/ com
Bambenek Consulting

John

248 Posts
ISC Handler
I can't say if it's new or novel, but I certainly have heard several friends in the midwest complain about this over the past couple of weeks.
hacks4pancakes

48 Posts
We had seen a slight uptick where I work, but it came through as SMS messages to cell phones asking them to call.
Cepheus

2 Posts
Just noticed that you are in Illinois too, John.
hacks4pancakes

48 Posts
Yup, central Illinois bank in this case... like I said, just trying to correlate data to see what the rest of the nation is seeing.
John

248 Posts
ISC Handler
Since last June there has been a lot of Phishing e-mail trying to get people's ADP (the payroll people) information. At least in our case, they had a much better than usual database of active e-mail addresses so there was an enhanced chance of some employee having their personal data stolen. It took ADP until November to semi-publically notice.
KBR

63 Posts
No! Why ask someone you don't trust for a callback number? Instead, just hangup and call your bank directly if you feel the need.
Anonymous
I've received several robocalls from "cardholder services" over the past couple months. As I'm in north Virginia, my robocall count has been extremely high due to the recent election so I probably missed a few in the noise, but there were definitely several in September.
Anonymous
@Greg
You are correct the issue here is authentication. Safest way here is to hang up and call the known good bank numbers or stop by their office.
Algol

3 Posts
Like cepheus, my wife and I both received SMS messages from local numbers with directions to call to reactivate our cards.
timstarlipers.com

3 Posts

Sign Up for Free or Log In to start participating in the conversation!