UNCLASSIFIED//FOR OFFICIAL USE ONLY
FEDERAL BUREAU OF INVESTIGATION
INTELLIGENCE BULLETIN
Cyber Division
02 August 2006

(U//FOUO) This intelligence bulletin addresses the cyber (CYBR) topic of the National Intelligence Priorities Framework and satisfies intelligence requirements contained in Q-FBI-2700-001-05; CYBR CyD1-II.B.1.
(U) The National Cyber-Forensics & Training Alliance reports that phishers are expanding from the most common form of phishinga to a new more cunning method.1 Commonly, the phisher provides the recipient with a uniform resource locator (URL) in an e-mail, instant message or spam. Once the URL is activated, the recipient is directed to a spoofed Web page—which has been designed to mimic a legitimate organization's Web page—that requests personal account data. The new method used by phishers lists a 1-800 number in the message rather than a URL.
(U) The new phishing method of using 1-800 numbers was first detected in April 2005. Small banks were targeted. In this scam, the phisher sent e-mail messages to the intended victims warning of a problem with their bank account and directed them to call a 1-800 number to resolve the problem. The victims were connected to an automated recording that directed them to enter personal account information. The number originated from a provider of Voice over Internet Protocol (VoIP) service, a service which routes voice conversations over the Internet.
(U) The ease and low cost of obtaining a VoIP telephone number, as well as the difficulty in tracing VoIP calls, makes it even more attractive for criminal use. Additionally, the calls can be directed to any IP address.
• (U) In one recent example of this method, scammers had used Asterisk, an open-source software, to convert a computer into a private branch exchange.b The software copied a bank's automated voice system in order to steal customers' passwords, account numbers and other personal information. In the attack, the phishers sent spam, disguised to look like it was coming from a small bank, and
a (U) Phishing is the practice of social engineering wherein e-mails or instant messages are written to appear as if they have been sent form reputable organizations. The intent is to lure the recipient into revealing sensitive information such as passwords and credit card details which is then used for illicit purposes.
UNCLASSIFIED//FOR OFFICIAL USE ONLY
b (U) A private branch exchange is a telephone system within an enterprise that is owned and operated by the enterprise. The system switches calls between the enterprise users on local lines while allowing all users to share a certain number of external phone lines.
UNCLASSIFIED//FOR OFFICIAL USE ONLY
asked the recipient to dial a 1-800 number to talk with a bank representative. The number went to an automated voice system that asked for the caller's account number and personal identification number in order to access the caller's records.
(U) The threat level for this new scam method to become a trend is high. Providing a 1-800 number with an automated messaging system may provide more perceived legitimacy than a spoofed Web site, thus attracting more victims.

(U) For additional information contact: FBI Cyber Division - Information Sharing and Analysis Section, Cyber Crime Fraud Intelligence Unit at 202-324-9893/0269.
ENDNOTES UNCLASSIFIED//FOR OFFICIAL USE ONLY
1 (U) Information in this bulletin derived from: National Cyber-Forensics & Training Alliance, (U) NCFTA Alerts on Phishing Attempts Using 1-800 Numbers to Steal Account Data (16 May 2006) (UNCLASSIFIED).

__________________