digg_url = 'http://isc.sans.org/diary.html?storyid=7309&rss';
digg_title = 'AT&T Cell Phone Phish';
digg_skin='compact';
digg_topic = 'security';
Alan tells us that several AT&T cell subscribers have just received a text message, which instructs them to call a toll-free number XXX-XXX-7649 to resolve a problem with their account. When called, a voice menu harvests their credit card information.
An interesting delivery mechanism for an old-hat phish, which we're all used to seeing in our email inboxes - now bright-shiny-new as a text message - nice find Allan!
Johannes tested this with the 4111 1111 1111 test card number, which the phish menu verified correctly. Subsequent tests indicate that a random 16 digit number is initially accepted by the voice menu, but fails verification at the end of the input process. This indicates that the menu is actually verifying and processing the CC numbers correctly, and is most likely processing (evil) transactions in close to real-time.
A recording of a successful transaction is here ==> http://johannes.homepc.org/scam.mp3
Always interesting to keep tabs on what evil lurks out there !
digg_url = 'http://isc.sans.org/diary.html?storyid=7309&rss';
digg_title = 'AT&T Cell Phone Phish';
digg_skin='compact';
digg_topic = 'security';