Threat Analysis

Call Forwarding Phishing Attack

  • Date: April 25, 2007
  • Author: Don Jackson

SecureWorks discovered a new phishing scheme this week that uses a "Call Forwarding" component. The victim receives an email from the phisher saying that their bank needs to verify their phone number immediately and that, if they do not confirm the number, their account will be suspended. The instructions are as follows:


Step 1- Go to your phone and Dial *72
Step 2- Dial 7075314910 (XYZ Bank Secure Line)
Step 3- Your phone is confirmed.

You will receive a call from us in 1 h for final verification!

If you have confirmed your phone, you can continue the update process:

By dialing these numbers, the bank customer is actually forwarding their calls to the phisher's number. The calls will continue to be forwarded until the victim notices they are not getting any calls.

After the victim confirms their phone number, they are asked to update their personal information: social security number, bank account number, credit card number, etc.

If the bank customer cooperates, then the phisher has all of the banking and personal information needed to begin making fraudulent transactions on the victim's bank account. If the customer's bank calls them to query an odd transaction during the period that their calls are being forwarded, the phisher will receive the calls and confirm that the fraudulent transaction is legitimate.

This particular phishing scam, shown below, has already been taken down by the hosting ISP. However, SecureWorks expects that other phishing schemes using similar "Call Forwarding" components will be seen on the Internet. To protect against this phishing scam and others, never provide your financial or personal information to an unknown source by email or phone.
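
One way a mail filter could flag the lure described above and extract the forwarding destination for reporting, as an added example that is not SecureWorks code. The function names, the 80-character window and the extra codes *90 and *92 are assumptions; only *72 and the quoted steps come from the advisory.

```python
import re

# *72 is the activation code used in the email above. *90 and *92 (forward on
# busy / on no answer) are assumptions added for this example.
ACTIVATION_CODES = ("*72", "*90", "*92")

_CODE = "|".join(re.escape(c) for c in ACTIVATION_CODES)
# 10-digit North American number, optional leading 1, common separators.
_NUMBER = r"(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}"
# Activation code, up to 80 characters of filler such as "Step 2- Dial",
# then the destination number. The filler may be empty ("*72" + number).
_LURE = re.compile(
    rf"(?<![\d*])(?P<code>{_CODE})(?:[\s\S]{{0,79}}?\D)??(?P<num>{_NUMBER})(?!\d)"
)

# Steps as quoted in the advisory.
ADVISORY_STEPS = (
    "Step 1- Go to your phone and Dial *72\n"
    "Step 2- Dial 7075314910 (XYZ Bank Secure Line)\n"
    "Step 3- Your phone is confirmed."
)
# Constructed benign text: *73 cancels forwarding, the number is fictitious.
BENIGN = "To cancel call forwarding, dial *73. Questions? Call 202-555-0147."


def normalize(number: str) -> str:
    """Reduce a matched number to its 10 digits, dropping a leading 1."""
    digits = re.sub(r"\D", "", number)
    return digits[1:] if len(digits) == 11 and digits.startswith("1") else digits


def find_forwarding_lures(body: str) -> list[tuple[str, str]]:
    """Return (activation_code, destination_number) pairs found in body."""
    return [(m["code"], normalize(m["num"])) for m in _LURE.finditer(body)]


if __name__ == "__main__":
    for code, number in find_forwarding_lures(ADVISORY_STEPS):
        print(f"call-forwarding lure: {code} -> {number}")
```

A hit means the message tells the reader to enable forwarding to a specific number; the extracted destination can be passed to the carrier or the bank's fraud team.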
