Thursday 14 July 2011

Vishing, a phishing attack over VoIP protocol

Phishing is the main trick used for hacking email, Facebook and Twitter accounts. It is used together with social engineering. I think phishing is the best way to hack any account. Today I am going to write about phishing over the VoIP protocol, which is called vishing. The term "vishing" is a combination of "voice" and "phishing".

This trick uses caller ID spoofing to make a call that looks as if it comes from a valid user with a valid phone number. Vishing exploits people's trust in the telephone service and in caller ID. A normal user does not know about caller ID spoofing, so he can easily become a victim of this attack. Vishing is used to steal credit card numbers or other personal information from individuals for use in identity theft schemes.

Examples of vishing
Wardialing: This is when an attacker uses an automated system to call specific area codes with a message purporting to be from a local bank. Once the victim answers the call, a recording begins, requesting that the listener enter bank account, credit, or debit card numbers, along with PIN codes.

Caller ID Spoofing: This is a trick that makes the cell phone network display a false number on the recipient’s caller ID. A number of companies provide tools that facilitate caller ID spoofing. These tools are typically used to populate the caller ID with a specific bank.

VoIP: Voice over Internet Protocol, or VoIP, is an Internet-based phone system that can facilitate vishing by allowing multiple technologies to work in tandem. Vishers are known to use VoIP to make calls, as well as to exploit databases connected to VoIP systems.
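On the defensive side, the wardialing pattern described above (one automated source working through numbers in a single area code) shows up in call detail records. The following is an added example, not code from the original post: it flags sources that dial many distinct numbers in one area code within a short window. The record layout, the trunk names, the thresholds and the 10-digit number format are assumptions, and the sample records are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (assumed layout):
# start time, ingress source, caller ID shown, dialed number
SAMPLE_CDRS = """\
2011-07-14 10:00:05,trunk-a,8005550199,2125550101
2011-07-14 10:00:09,trunk-a,8005550199,2125550102
2011-07-14 10:00:14,trunk-a,8005550199,2125550103
2011-07-14 10:00:20,trunk-a,8005550199,2125550104
2011-07-14 10:00:26,trunk-a,8005550199,2125550105
2011-07-14 10:03:00,trunk-b,3105550123,2125550101
2011-07-14 11:40:00,trunk-b,3105550123,4155550177
2011-07-14 10:05:00,trunk-c,6465550111,2125550140
2011-07-14 12:05:00,trunk-c,6465550111,2125550141
"""

def parse(text):
    """Yield (time, source, shown caller ID, dialed number) per record."""
    for line in text.strip().splitlines():
        ts, source, shown, dialed = line.split(",")
        yield datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), source, shown, dialed

def find_wardialing(text, window=timedelta(minutes=5), min_targets=5):
    """Return {source: (area_code, distinct_numbers)} for every source that
    dials at least min_targets distinct numbers in one area code in `window`."""
    # Group by ingress source, not by the caller ID shown: the shown
    # number can be spoofed, so it is not a reliable key.
    calls = defaultdict(list)  # (source, area code) -> [(time, dialed)]
    for ts, source, _shown, dialed in parse(text):
        calls[(source, dialed[:3])].append((ts, dialed))  # assumes 10-digit numbers
    flagged = {}
    for (source, area), events in calls.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            targets = {number for _, number in events[start:end + 1]}
            if len(targets) >= min_targets:
                flagged[source] = (area, len(targets))
                break
    return flagged

if __name__ == "__main__":
    for source, (area, count) in find_wardialing(SAMPLE_CDRS).items():
        print(f"{source}: {count} distinct numbers in area code {area}")
```

The window and threshold need tuning against normal traffic, since legitimate call centres also dial many numbers in one area code.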