Look out! It's Phoney Mc Ring-Ring!

Yep, the Phishers are trying a different approach (though not too different, as you'll see below) - from the pages of good old Eweek:

In the newest social engineering attack, identity thieves have spammed fake PayPal account compromise warnings to lure users into dialing a phone number and giving up credit card information.

Nice! I'm assuming this is a variation on a scam that's been around for a while - where the bad guy uses Skype (or something similar) to fool people into thinking it's their bank asking them for details. The Skype thing is actually a touch more sophisticated than the Paypal attack, because they're relying on the victim to call you back and interact with you, whereas with this Paypal angle, they just want you to call a number and leave your details with them. Obviously, by going down the interaction route they can really go to town on the victim and try and grab more than just a credit card number. For a Social Engineer that knows what they're doing, the sky really is the limit.

Don't know what I'm talking about? Well, let me entertain you:

Take one Skype account, order a Skypein number, order an 0800 number and forward it to your Skypein number. At this point, (OH NOES! REST OF SCAM REMOVED).

I won't go into the rest, but basically, it's a scam and a half in the making. How many times do you get freephone numbers calling you on a regular basis about your bank acount / insurance / whatever else? Do you ever stop to check if those numbers are legit when they're calling you? No? Didn't think so. In fact, the amount of times we routinely hand over information to complete strangers on the telephone is vaguely frightening, when you stop to think about it.

Doh - weekend ruined!