If your phone starts ringing of the hook, there is a chance cybercriminals are draining your bank or online trading account at the exact same moment, the FBI warned Monday.
Online vandals increasingly are leveraging telephone-based denial-of-service (DoS) attacks to tie up the phone lines of unsuspecting individuals as they simultaneously plunder bank accounts, the FBI said in an advisory. The perpetrators use automated dialing programs to deliver constant phone calls to a target’s number.
“Turns out the calls are simply a diversionary tactic: While the lines are tied up, the criminals — masquerading as the victims themselves — are raiding the victims’ bank accounts or other money management accounts,” the FBI said.
The victims are individuals and small businesses that handed over their account usernames and passwords to criminals weeks or months earlier, the FBI said. In some cases, they unknowingly responded to a phishing email or their machines became infected with malware, which allowed criminals to obtain the credentials.
When the phone calls start is when the theft happens, according to the FBI. The criminals bombard victims with telephone calls so their financial institution cannot reach them to verify the transactions. When the victims answer, they may hear an advertisement, in some cases promoting telephone sex, or simply dead air.
“If the transactions aren’t made, the criminals sometimes recontact the financial institution as the victim and ask for it to be done,” the FBI said. “Or they add their own phone number to victims’ accounts and just wait for the bank to call. By the time the victim or the financial institution realizes what happens, it’s too late.”
The FBI, working in conjunction with the Communication Fraud Control Association, first learned of the novel technique when a Florida dentist reported he lost some $400,000 from his retirement account after his phone line underwent a DoS attack.
Since then, the number of incidents steadily have increased, the agency said.
The FBI recommends frequently changing online banking and telephone system passwords.