FBI warns on denial-of-service phone scam

The FBI has issued a warning to Americans after a spate of telecommunications denial-of-service (TDoS) attacks left fraudsters able to access online bank and brokerage accounts.

The TDoS attacks use automated dialling programs and multiple accounts to overwhelm victims' mobile phones and land lines with thousands of calls.

When victims answer the calls they hear dead air, an innocuous recorded message, advertisement, or a telephone sex menu.

The attacks are a diversionary tactic, enabling the fraudsters to use personal information about the victim, acquired through social engineering techniques or malware, to pilfer online accounts.

Because the victim's phone lines are tied up, their banks are unable to contact them to verify transfers, enabling the fraudsters to empty accounts.

The FBI says it discovered the new-style attacks through a private industry partner, which found a Florida dentist who lost $400,000 from his retirement account after a denial-of-service attack on his phones.

Since April, "there has definitely been a noticeable surge in telephone denial-of-service attacks, with numerous incidents having been reported in several Eastern states," says the agency.

It has now teamed up with the Communication Fraud Control Association, made up of security professionals from communication providers, to analyse the patterns and trends of telephone denial-of-service attacks, educate the public, and catch the fraudsters.
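An added example, not part of the original article: one way a bank could treat an unanswered verification call as a reason to hold a transfer rather than release it, while flagging a customer line that is being flooded with calls. The function names, callback labels, window, threshold and sample call times are all assumptions made for illustration.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)   # assumed look-back window
FLOOD_THRESHOLD = 50             # assumed calls-per-window that counts as a flood

def peak_calls(call_times, window=WINDOW):
    """Largest number of inbound calls that fall inside any single window."""
    times = sorted(call_times)
    best = start = 0
    for end, t in enumerate(times):
        # Slide the left edge forward until the span fits in the window.
        while t - times[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best

def decide_transfer(callback, call_times):
    """Decide what to do with a transfer that needs phone verification.

    callback is 'confirmed', 'denied' or 'unreachable' (hypothetical labels).
    Anything other than a confirmation on a quiet line keeps the money in place.
    """
    flooded = peak_calls(call_times) >= FLOOD_THRESHOLD
    if callback == "confirmed" and not flooded:
        return "release"
    if callback == "denied":
        return "reject"
    # Unreachable, unknown result, or a flooded line: fail closed.
    return "hold_and_escalate" if flooded else "hold"

# Constructed sample data: a quiet line and a line receiving a call every 3 seconds.
T0 = datetime(2010, 6, 1, 9, 0, 0)
QUIET_LINE = [T0 + timedelta(hours=h) for h in range(5)]
FLOODED_LINE = [T0 + timedelta(seconds=3 * i) for i in range(400)]

if __name__ == "__main__":
    for line in (QUIET_LINE, FLOODED_LINE):
        print(peak_calls(line), decide_transfer("unreachable", line))
```

A transfer is released only on an explicit confirmation over a line that shows no call flood; every other outcome leaves the funds where they are.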

Comments: (1)

A Finextra member, 24 June, 2010, 10:31

I would blame all this on faulty banking systems. If the system is programmed to "auto accept" the malicious transfer when they are unable to reach the customer via phone, there is something wrong with the logic. The only effective way to stop both the fraud and telephone DDoS is that the transfers are "auto rejected" if the customer is not reached.