Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Email Security Quick-links: ESA Product Support | SMA Product Support | Email Submission and Tracking Portal | Cisco SecurityHub
Current General Deployment (GD) Releases:
ESA: 11.0.0-264 WSA: 10.5.1-296 SMA: 11.0.0-115 Email Plug-in (Reporting): 1.0.1-048 Email Plug-in (Encryption): 1.0.0-036

New Member

New phishing spam uses phone number instead of URL

There's a new phishing spam that's going around. What's notable about this one is that it dupes the user into calling a phone number to "reactivate" their credit card after it was supposedly deactivated due to abuse. We are getting reports of these slipping past IPAS. I'm guessing that it's because there is no URL in the messages for IPAS to key on. So for all you IronPort employees out there: how long before IPAS gets enough smarts to recognize telephone numbers and make reputation checks on them, like it already does for URLs?

Thanks,

3 REPLIES
New Member

New phishing spam uses phone number instead of URL

There was an attack of those in very late October/early November, using VoIP phone numbers (usually in the 425 area code), and targeting CUNA (Credit Union National Association). We wrote rules against it immediately and have not seen any new missed spam reports since then.

New Member

Re: New phishing spam uses phone number instead of URL

There was an attack of those in very late October/early November, using VoIP phone numbers (usually in the 425 area code), and targeting CUNA (Credit Union National Association).

Yep, that's the one.

We wrote rules against it immediately and have not seen any new missed spam reports since then.

I noticed that it it died off quickly enough, but there was some pretty good initial success before you guys got the rules out. That's what prompted me to think about a reputation service for phone numbers.

New Member

Re: New phishing spam uses phone number instead of URL

We are seeing it with 877 numbers and 641 area codes as well for Bank of America.

There was an attack of those in very late October/early November, using VoIP phone numbers (usually in the 425 area code), and targeting CUNA (Credit Union National Association). We wrote rules against it immediately and have not seen any new missed spam reports since then.

253
Views
0
Helpful
3
Replies