For years, hackers have used denial-of-service attacks to bring down websites by inundating them with traffic. Last week the FBI announced criminals have been using denial-of-service attacks in a different context to scam ordinary citizens–transferring money out of your bank account and while tying up your phone lines. The FBI describes the scam:
“Weeks or months before the phone calls start, a criminal uses social engineering tactics or malware to elicit personal information from a victim that this person’s bank or financial institution would have—like account numbers and passwords. Perhaps the victim responded to a bogus e-mail phishing for information, inadvertently gave out sensitive information during a phone call, or put too much personal information on social networking sites that are trolled by criminals.
Using technology, the criminal ties up the victim’s various phone lines.
Then, the criminal either contacts the financial institution pretending to be the victim…or pilfers the victim’s online bank accounts using fraudulent transactions. Normally, the institution calls to verify the transactions, but of course they can’t get through to the victim over the phone.
If the transactions aren’t made, the criminals sometimes re-contact the financial institution as the victim and ask for it to be done. Or they add their own phone number to victims’ accounts and just wait for the bank to call.”
The best way you can avoid this scam is to keep your personal information secure–never give it out (online or otherwise) unless you’re working with a trusted entity and even then only do so if the page is encrypted with SSL technology. If you’ve been a victim of this scam, contact your financial institution, telephone provider, and the FBI.