Phone Scams Borrow Typosquatting Strategy to Target Bank Customers
Criminals intent on defrauding customers have reserved phone numbers similar to those of major banks, aiming to catch consumers who misdial the number, says Pindrop Security.

As part of attempts to gather financial information from customers, cyber-criminals are reserving phone numbers that are similar to the contact numbers of banks, credit unions and other financial institutions, according to security firm Pindrop Security.

In a study of phone numbers for some 600 institutions, the company found close variants used in fraud against 103 organizations, suggesting that attackers had targeted at least 17 percent of financial firms by selecting phone numbers designed to fool customers.

The strategy, which Pindrop dubbed a “misdial trap,” could be designed to catch unaware consumers who incorrectly dial their financial institution’s number, the security firm said. The company looked at numbers with variants whose last four digits were adjacent to the last four digits of the actual number, Scott Strong, a data scientist with Pindrop, told eWEEK.

“We were able to look at a large volume of phone numbers and compare them to variants of the financial institution’s phone number,” he said. “If a phone number is very similar and they are purporting to be that financial institution, then we considered it part of an attack.”
The strategy closely resembles typosquatting on the Internet, a technique used by online attackers to catch mistyped email addresses and Website URLs. In those cases, researchers have found that a server set up to intercept mail sent to mistyped domain names in email addresses received thousands of messages containing valuable information.
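For a fraud team that wants to run the same kind of comparison on its own complaint data, the sketch below is an added example, not Pindrop's code. It assumes "adjacent" means the same first six digits with the last four within a small numeric window, and all names and numbers in it are constructed (555-01xx numbers are reserved for fictional use).

```python
import re
from typing import NamedTuple, Optional

# Constructed sample data, not real institutions or reports.
INSTITUTIONS = {
    "Example Bank": "1-800-555-0142",
    "Sample Credit Union": "(312) 555-0187",
}
REPORTED_CALLERS = ["800.555.0143", "+1 800 555 0142", "312-555-0178",
                    "415-555-0143", "800-555-014"]


class Hit(NamedTuple):
    reported: str
    institution: str
    distance: int


def normalize(number: str) -> Optional[str]:
    """Reduce a North American number to 10 digits; None if malformed."""
    digits = re.sub(r"\D", "", number)
    if len(digits) == 11 and digits.startswith("1"):
        digits = digits[1:]
    return digits if len(digits) == 10 else None


def misdial_candidates(reported, institutions, window=10):
    """Flag reported numbers that share an institution's first six digits and
    whose last four digits are within `window` of it (assumed reading of
    'adjacent'). A hit is only a candidate: the page's criterion also requires
    that the caller purports to be that institution, which needs call content."""
    official = {}
    for name, number in institutions.items():
        digits = normalize(number)
        if digits:
            official[digits] = name
    hits = []
    for raw in reported:
        digits = normalize(raw)
        if digits is None or digits in official:
            continue  # malformed input, or the institution's real number
        for off, name in official.items():
            if digits[:6] == off[:6]:
                distance = abs(int(digits[6:]) - int(off[6:]))
                if 0 < distance <= window:
                    hits.append(Hit(raw, name, distance))
    return sorted(hits, key=lambda h: h.distance)


if __name__ == "__main__":
    for hit in misdial_candidates(REPORTED_CALLERS, INSTITUTIONS):
        print(hit)
```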