Vishing? Of course it was only a matter of time!

Seems like some users of a particular bank in California were subject a new breed of email scam, this time instead of pointing the user to a phishing site, or url masked to look like the originating companies website. Instead, it was a phone number listed in the email to customers, which had a recording for customers to enter their information. Of course, this was done over VOIP, and will probably be next to intraceable with the current "openness" of VOIP.

Websense? Security Labs? has received reports of a new phishing attack that targets customers of Santa Barbara Bank & Trust. Users receive an email message that is spoofed and has the subject "Message 156984 Client's Details Confirmation (Santa Barbara Bank & Trust)."

Unlike the most popular form of phishing where users are lured to click on a URL and are directed to a fraudulent site, this lure uses a telephone number. The phone number is in the Southern California area code and was answering at the time of this alert.

When victims dial the phone number, the recording requests that they enter their account number.

The phone response does not mention the bank name, which could be a potential indicator that this number is being used for fraud against other entities.

The actual advisory is here: Websense Security Labs