San Francisco-based Cloudmark said in a statement Tuesday that scammers posing as banks are sending mass emails directing PC users to dial a number to clear up inaccuracies with their bank account.
Victims who fall for the scam reach an automated message – connected over VoIP to a private branch exchange – that "sounds exactly" like their bank's real interactive voice response system.
"The result can be personally financially devastating," said Adam J. O'Donnell, senior research scientist at Cloudmark.
According to Cloudmark's statement, cybercriminals who use VoIP numbers "reduce the costs associated with conducting such attacks, providing the perpetrators with less risk of discovery." The technology allows scammers to use numbers that are harder to trace than traditional phone numbers.
The company said it advises people who receive these types of emails to call their bank to "double-check the numbers printed on ATM cards instead."
According to several media outlets, the scammers disguised themselves as representing a small bank in the eastern United States.