Here's a novel (to me) phishing approach. Cal, one of our readers, was staying at a hotel in Arizona on business when he got a call to his room from the (alleged) front desk. The caller said that their computer had gone down and that they needed to re-verify his billing information.
Cute, isn't it?
Being a security geek, Cal didn't fall for it. He said that he was currently talking on his mobile phone with his wife, and asked whether he could call back. Not surprisingly, the front desk seemed a tad reluctant to provide a number. Stalemate. That's when the phish caller came up with a very customer-service-oriented approach: "We really regret this trouble, and we will gladly offer you 40% off your room rate for the inconvenience."
But no dice: not even the prospect of a rebate was sufficient to convince Cal to hand out his personal data and credit card information to an unknown caller. He hung up and walked down to the front desk. When he asked, the lady at the front desk put her head down and said, "You too? They've been calling 201, 203, 204, 210, and now you?"
Given the right circumstances and timing, I'd say quite a few hotel guests would fall for this. Make sure you are not one of them!
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.