Fraudulent phone calls are becoming increasingly popular among criminals as a way to commit ID theft, warns security firm Trusteer.
"Everyone needs to be on their guard to avoid falling victim - on or offline," said Amit Klein, chief technology officer at Trusteer.
One possible use for these bogus "bank" calls is to utilise personal identification information stolen using malware to give fraudsters credibility as they collect the missing information required to pull off their scam, he said.
"Defending against the new wave of hybrid attacks requires both technology to detect Man-in-the-Browser (MitB) malware and vigilance from the users of online services," said Klein.
Where criminals are thwarted by security measures such as one-time password authentication credentials which expire, they are turning to professional phone calling services to obtain the missing data required to complete a successful online fraud.
A forum advertisement, discovered by Trusteer, offers a phone service with professional callers, fluent in English and European languages, who can impersonate male and female, as well as old and young voices, at just $10 a call to collect missing data.
"While everyone's attention is focused on protecting themselves in the 'virtual' world, they're still very much at risk back here in the 'real' world. Fraudsters are turning to phone call services in an endeavour to trick people into disclosing their confidential information, sourcing professional callers to impersonate representatives from financial organisations. The sad truth is that it is far easier to perpetrate social engineering over the phone than many realise," said Klein.
Trusteer recommends using up-to-date anti-malware solutions, especially any recommended by banks, to prevent data theft in the first instance, but also to treat all unsolicited phone calls with caution, and to use contact numbers provided by the bank, not the caller, to verify the authenticity of the contact.