These "telephone denial-of-service" attacks are similar to ones that have been used by hackers for years to crash websites by flooding them with Internet traffic. But high-tech criminals are now using automated dialing programs and multiple accounts to overwhelm the phone lines of unsuspecting consumers and small- and medium-sized businesses.
The denial-of-service calls, which can include dead air, advertisements or phone sex menus, are actually diversionary tactics designed to tie up a victim's phone lines. And while the lines are busy, the fraudsters -- impersonating the victims -- raid their bank accounts, online trading and other money management accounts.
The FBI first learned about this scheme through one of its private industry partners, which told the agency of a Florida dentist who lost $400,000 from his retirement account after a denial-of-service attack on his phones. So how does this "dialing for dollars" scam work?
Weeks or even months before the phone calls start, the FBI warns, a criminal uses social engineering tactics or malware to extract personal information such as passwords and account numbers from intended victims. These victims may have set themselves up by replying to phishing e-mails, inadvertently giving out sensitive information during a bogus phone call, or placing too much personal information on social networking sites, which are constantly trolled by cyber criminals. Once the scam artists have enough information, they tie up the victim's various phone lines and either contact a financial institution pretending to be the victim or siphon off funds from their online bank accounts.
Financial institutions typically call to verify such transactions, but can't get through due to the denial-of-service attack. If the transactions aren't approved, the criminals will contact the financial institution, pose as the victim and confirm the transactions. They can also add their own phone number to victims' accounts, and simply wait for the bank to call and request approval. By the time the victim or financial institution realizes what has happened, it's too late.
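The scheme above only pays off if the bank treats an unreachable customer, a newly added phone number, or an inbound call as good enough to confirm a transaction. As an added example (not taken from the FBI advisory or from any bank's system), this Python hold rule over a constructed account timeline refuses all three; the event names, the 30-day cooling-off period and the phone numbers are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

COOLING_OFF = timedelta(days=30)  # assumed policy value, not from the article

@dataclass
class Event:
    time: datetime
    kind: str         # phone_added | transfer_requested | callback | inbound_confirm
    number: str = ""
    result: str = ""  # callback only: answered | busy | no_answer

def review_transfer(events):
    """Return (decision, reasons) for the transfer request in one account's events."""
    events = sorted(events, key=lambda e: e.time)
    transfer = next(e for e in events if e.kind == "transfer_requested")
    # Numbers added shortly before (or after) the request cannot verify it.
    recent = {e.number for e in events
              if e.kind == "phone_added" and e.time >= transfer.time - COOLING_OFF}
    reasons, verified = [], False
    for e in events:
        if e.time < transfer.time:
            continue
        if e.kind == "callback" and e.number in recent:
            reasons.append(f"callback to recently added number {e.number} ignored")
        elif e.kind == "callback" and e.result == "answered":
            verified = True  # customer reached on a long-standing number
        elif e.kind == "callback":
            reasons.append(f"number of record {e.number} unreachable ({e.result})")
        elif e.kind == "inbound_confirm":
            reasons.append("inbound call is not accepted as confirmation")
    return ("approve", []) if verified else ("hold", reasons)

def _t(day, hour=9):  # helper for the constructed timelines below
    return datetime(2024, 1, 1, hour) + timedelta(days=day)

# Constructed sample data: 555-0100 is the customer's old number, 555-0199 is new.
SAMPLE_ATTACK = [
    Event(_t(-400), "phone_added", "555-0100"),
    Event(_t(58), "phone_added", "555-0199"),
    Event(_t(60), "transfer_requested"),
    Event(_t(60, 10), "callback", "555-0100", "busy"),
    Event(_t(60, 11), "callback", "555-0199", "answered"),
    Event(_t(60, 12), "inbound_confirm"),
]
SAMPLE_NORMAL = [
    Event(_t(-400), "phone_added", "555-0100"),
    Event(_t(60), "transfer_requested"),
    Event(_t(60, 10), "callback", "555-0100", "answered"),
]
```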
The FBI reports a surge in telephone denial-of-service attacks since April of this year, with reports of numerous incidents in several Eastern states. The FBI has teamed up with the Communication Fraud Control Association -- a group of security professionals from communication providers -- to educate the public, analyze patterns and trends of telephone denial-of-service attacks, and identify the con artists and bring them to justice.
The FBI urges consumers and small- and medium-sized businesses to take the following steps to avoid being a victim of this new scam:
- Never give out personal information to an unsolicited phone caller or via e-mail
- Change online banking and automated telephone system passwords frequently
- Check your account balances often
- Protect your computers with the latest virus protection and security software