Stopping Vishing Attacks

Anyone have procedures for shutting down vishing attacks they would like to share? Phishing isn't a problem but I can't find anything out there on how to shut down vishing attacks.

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

tiersten

Hang up the phone?

RTmarc

That's not the problem. The issue is text messages that are being sent to our customers from cell-based or land lines.

dynamik

Don't these types of things typically come down to education and awareness?

RTmarc

Yes, they do but steps need to be taken to actually remove the number making the calls or sending the messages.

tiersten

Not much you can do about it. It will be hard enough to track down where the message originates from. If you have enough access to a telecom provider's system then you can make it appear to come from any number you want.

There may be a number that your cell or landline provider wants you to forward messages to.

RTmarc

That's what I'm looking for. I'm wondering if someone out there has information on the take down process for these type situations. Phishing isn't really a problem but I haven't been able to find anything out there on vishing.

tiersten

Unless there is a specific one for your country, you have to rely on your provider to set something up. Vodafone in the UK setup a service to report SMS spam to a few years ago but it is only for their own customers.

darkerosxx

RTmarc wrote: »

That's not the problem. The issue is text messages that are being sent to our customers from cell-based or land lines.

If I understand you correctly, aren't you talking about SMiShing?

http://en.wikipedia.org/wiki/Smishing

tiersten

I had to go look it up but Vishing seems to be where you use a phone as part of the scam. Not quite sure how this is different to the ye olde phishing and social engineering scams of before though. I guess people like to make up new terms for things that already exist...

RTmarc

I guess "SMiShing" is another term for it; never heard of that one before. Vishing always involves a phone of some description but can include text messages and call-back numbers.

Obviously it is handled by security awareness and training. I'm looking for specific take down procedures if anyone has any.

the_Grinch

This might help...

http://pogue.blogs.nytimes.com/2008/06/12/how-to-block-cellphone-spam/

darkerosxx

I've also been told by an AT&T rep that if you know the specific number it's coming from that you can, for a fee, block the number for your entire account for calls and/or texts.

RTmarc

I'm not looking for ways to block the number from calling us. I'm looking for ideas on how to get these numbers taken out of commission by the carriers. Our members report the text messages / calls to us (the company) and we need ways to take them down. Similar to how we take down phishing websites once they are reported to us.

darkerosxx

Sounds like it should be the same process...report it, unless you do something extra.

the_Grinch

I don't think there is really anything you can do. Kinda of like saying I want to stop phishing, good luck because a lot of people would like to do it. Telecoms aren't going to do a whole lot because at worst their making money on the people who don't pay for texting. Now they got an extra nickle...