Denial of Service attacks are nothing new. Hackers have been using them for years to bring down websites. The way that a Denial of Service (DoS) attack works is that a hacker will send out a huge number of requests to a server that will be much more then it can deal with, which will in turn bring down the server. The goal is not always financial, but rather just to cause chaos or bring down a competitor. Another variation of this attack is the Distributed Denial of Service (DDoS), which is the same thing, except the hacker also installs bots in other people’s computers, which force their computers to also launch the DoS attacks at the same time, making each attack that much stronger.
However, there is now a new twist to this attack. Hackers are now performing it on telephone lines so that the owner of the phone can’t receive any calls. This is done by creating a number of VoIP accounts, and using them with automated dialing tools to flood a person’s home, business and cellphone with calls. The idea here is that when a business or an individual needs to make a phone call to verify something, such as a huge bank account withdrawal, the bank won’t be able to reach the person because all his or her phone lines are tied up.
The thieves combine this attack with changing the primary phone numbers that the banks call to verify these huge transactions. The thieves get the victim’s account information through some other means, such as a phishing attack or other method, and then call the banks to change the victim’s contact information so that the bank will call the thief instead of the victim to verify a money transfer request.
Many banks, as a precaution, now contact customers at their previously listed phone numbers when contact information on their account has changed. But with these attacks, the bank’s calls are prevented from reaching the victim, who’s phone is tied up with a flood of diversionary calls. This is when the thieves contacts the banks and tell them that the old phone is having problems and that they are verifying the change this way.
At this point, the thieves are free to drain the whole account without having to worry about the victim finding out any time soon. This is exactly what happened to Robert Thousand Jr., a semi-retired dentist in Florida. One November day he received a flood of calls to several phones, and when he answered them, he heard a 30-second recording for a adult hotline (it’s usually some kind of advertisement, pre-recorded message, or just silence). Then about a month later when he checked his account, he found that about $400,000 was taken out by someone in New York.
This type of attack has been a growing trend among thieves, so banks and the FBI are warning account owners that if their phone lines get tied up this way, it may be a lot more then a connection issue or a regular spam call. The account owners should get in contact with their banks to make sure nothing is being changed, and also, if they or anyone they know have experienced this type of phone DoS attack before, they should contact the FBI.