1. Field of the Invention
The present invention relates to the field of telephonic fraud prevention and more particularly to the prevention of telephonic phishing.
2. Description of the Related Art
The terms “phishing” and “brand spoofing” refer to the transmission of an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. In a phishing scam, an e-mail appearing to originate from the legitimate enterprise (whether by the inclusion of a well-known icon or logo, or domain name) directs the user to visit a Web site where the users will be asked to update personal information, such as a password, credit card number, social security number, or bank account number. The Web site, however, merely is an imposter site masquerading for the legitimate Web site for the legitimate enterprise. For the unsuspecting user, valuable confidential information will be revealed to the fraudster.
Government experts and technical experts alike recommend vigilance as a prime means of combatting the phishing scheme. Specifically, experts recommend that end users never reveal private information through a Web site in response to receiving an e-mail requesting the private information, no matter how legitimate the e-mail appears. Rather, experts encourage recipients of such e-mails to directly phone the legitimate enterprise through a previously known telephone number to inquire as to the legitimacy of the e-mail. Even still, many users simply lapse in caution and unwittingly participate as victims in the phishing scam.
Phishing relies not only upon e-mail, but also telephony. In this regard, phishing scammers have been known to send an e-mail that appears to be from a legitimate business requesting to the recipient to call a phone number to update account information or to access a “refund.” Because the scammer can utilize Voice over Internet Protocol (VoIP) technology, the area code and phone number reflected in the e-mail does not reflect the true location of the phishing scammer. As in the case of pure e-mail phishing, experts recommend that the recipient of a suspicious e-mail call the telephone number on a recent financial statement or on the back of a referenced credit card to contact the legitimate enterprise in order to inquire as to the legitimacy of the e-mail.
Telephonic phishing is a form of phishing in which the scam originates and concludes exclusively through the use of a telephone connection between scammer and victim. In the telephonic phishing scheme, a caller purports to represent a legitimate enterprise in requesting confidential information from the victim. The scammer masquerades as the legitimate enterprise by tampering with the caller identification (ID) data in the call header for the telephone call. Alternatively, the scammer associates a telephone number with a business or personal name that when truncated in a caller ID display appears to be similar to the legitimate enterprise, for example, “Amer” as a last name to be intentionally confused with “American Express”.