Something's Vishy 


Jennifer
8 6 7 5 3 0 9
I have your number.

There's a new term in information technology: vishing. "Security Watch" from PC Magazine cites Websense Security Labs in defining "vishing" as voice phishing.

To understand vishing, we must first understand phishing. Phishing is an Internet scam, often involving attempts at identity theft. Phishing attempts are often disguised as helpful e-mails from a reputable Internet site. For example, an e-mail will appear to be from a large company such as eBay, the IRS, or a bank, and looks very authentic with official looking logos and links. The e-mail may say something about an account expiring, filling out a form, visiting a link, etc. However, while the link may say http://www.irs.gov or http://www.ebay.com, it actually points to another site entirely where a user's critical information is stolen by malicious code.

Now imagine the same type of thing, except involving a phone number with a voice-response system. The voice-response system acts just as a phisher's malicious code does to steal personal data. That is vishing.

This concept is not new. It's just another way to do it. "Snail" mail, checks, and e-mail have been used and now the phone. Even in The Daily News Record, there have been local stories. On February 18, 2006, an article by David Reynolds entitled "Local Single Mom Scammed" told of a woman whose bank account had been frozen and her checks were bouncing. The article described her owing her bank thousands of dollars and mentioned her children's savings accounts even being closed. How did it begin? The woman cashed an official looking check at her bank. She had received the check by mail and instead of depositing money, it opened the door for her accounts to be exploited.

Information is powerful. It is a strategic asset to businesses. It provides access to your health records, your personal accounts, and your computers. You can have an updated machine with a firewall and anti-virus program, but you are also a critical line of defense in protecting valuable information. Don't become a vish out of water!

For more information regarding Phishing, please visit our computing security site at http://www.jmu.edu/computing/security/index.shtml#phish.