Credit-card scammers working through VoIP

SAN JOSE, Calif., July 12 (UPI) -- The ease and affordability of VoIP calling has led con artists to use the technology to scam credit-card numbers, a security company said Tuesday.

"Familiar phishing attacks have now evolved into phone scams," the Secure Computing Corporation statement said, calling the new technique "vishing."

"This new technique enables cyber-criminals to harvest detailed ID information, expiration date and other essential ID details in addition to the customer's card and account numbers," the statement continued.

How it works: The potential victim's phone rings and an automated voice message tells him there may have been fraudulent use of his credit card. It provides a toll-free number to call, and when the customer calls the second number, he is prompted to enter his 16-digit credit-card number. The "visher" then has all the information he needs to make fraudulent charges on the card.

"Like most other social engineering exploits, vishing relies upon the 'hacking' of a common procedure that fits within the victim's comfort zone," Paul Henry, Secure Computing's vice president of strategic accounts, said via the statement.

"It is a normal procedure when calling a credit card provider to be asked to enter your 16-digit credit card number before given the opportunity to speak to a credit card representative. Consumers need to be extra vigilant when giving out their information on the phone," Henry continued.

Secure Computing warned that customers should never call an 800 number other than the ones on the back of the card and on the statement. If a customer receives a "vishy"-sounding call, he should hang up and immediately call the number on his credit-card statement to verify the information.