Net scams, phone phishing to rise, warns Microsoft

20 Jun 2011

That humans form the weakest link in a security chain is well known, but more evidence of this turned up on Thursday with Microsoft publishing findings of an ongoing internet theft campaign that could be described as phone phishing.

Phishing is a way of stealing personal information by sending email messages urging recipients to submit personal data to a website, posing as a legitimate business.

Phone phishing is all about calling computer users and convincing them to take similar action. In simple terms it is a plain old scam, that could also be called a social engineering attack, if you want to sound trendy.

According to Microsoft, criminals posing as computer security engineers have been calling people at home to warn them of a computer security threat.

The fraudsters claim to be offering free security evaluations on behalf of recognised companies, an approach similar to the one adopted by fake antivirus software, except with a personal touch rather than an on-screen graphic.

Though this may sound strange, the approach seems to work.  In a commissioned survey of  7,000-person respondents, conducted across the US, Canada, Ireland, and the UK in April, it has been revealed that 15 per cent of respondents in the four countries had received such calls and that 22 per cent of call recipients, or 3 per cent of total respondents, fell for the ruse.