Re: New phishing spam uses phone number instead of URL

Donald Nash · ‎11-01-2007

There's a new phishing spam that's going around. What's notable about this one is that it dupes the user into calling a phone number to "reactivate" their credit card after it was supposedly deactivated due to abuse. We are getting reports of these slipping past IPAS. I'm guessing that it's because there is no URL in the messages for IPAS to key on. So for all you IronPort employees out there: how long before IPAS gets enough smarts to recognize telephone numbers and make reputation checks on them, like it already does for URLs?

Thanks,

luci_ironport · ‎11-15-2007

There was an attack of those in very late October/early November, using VoIP phone numbers (usually in the 425 area code), and targeting CUNA (Credit Union National Association). We wrote rules against it immediately and have not seen any new missed spam reports since then.

Donald Nash · ‎11-15-2007

There was an attack of those in very late October/early November, using VoIP phone numbers (usually in the 425 area code), and targeting CUNA (Credit Union National Association).

Yep, that's the one.

We wrote rules against it immediately and have not seen any new missed spam reports since then.

I noticed that it it died off quickly enough, but there was some pretty good initial success before you guys got the rules out. That's what prompted me to think about a reputation service for phone numbers.

shannon.hagan · ‎11-15-2007

We are seeing it with 877 numbers and 641 area codes as well for Bank of America.

There was an attack of those in very late October/early November, using VoIP phone numbers (usually in the 425 area code), and targeting CUNA (Credit Union National Association). We wrote rules against it immediately and have not seen any new missed spam reports since then.