You may have heard about online “phishing” scams to steal money from unsuspecting Internet users, but now the criminals are using another type of fraud is called “vishing” to commit the same crimes.

Last week the Federal Trade Commission has filed lawsuits against two telemarketing firms in Florida and the company argue that selling a car extended warranty for the violations do not require registration and fraud for selling bogus assurances from $ 2000 to $ 3000 pop. Since 2007, the company allegedly made 1 billion calls, and received more than $ 10 billion.

These companies are likely to use spoofed caller ID numbers to hide their identities from consumers and law enforcement agencies.

This case is the latest example of what is known as vishing attacks, which use telephone networks to cheat people of money. To help readers understand what these scams are, how they work and how they can protect themselves. CNET News has put together this FAQ.

What is vishing? The term “vishing” is a social engineering technique to steal information or money from customers using the telephone network. The term comes from a combination of “voice” to “phishing”, which online fraudsters, who are the people to give up personal information.

How does it work? Usually attackers use a technique called spoofing the number to look calls come from a legitimate or well known phone number. This technique is very similar to e-mail spoofing, which makes e-mail addresses look like they come from a reliable source. But since people tend to rely on phone service and phone number spoofing telephone numbers can be particularly damaging.

And just as with the Internet phishing attacks that are direct consumers to phony Web sites, vishing attacks are usually recorded in the message indicates that users call a toll-free number. The caller then typically asked to punch in a credit card number and other personal information. In the case of warranty scam, users are invited to buy bogus extended warranty on his car, which can cost anywhere from $ 2000 to $ 3000.

How easy it is to spoof a phone number? With voice over IP technology phone number spoofing is very easy to do. Traditional telephone networks connect a chain of products to another. Each chain at both ends of the call is assigned a phone number the phone company. Therefore, change the phone number the caller in a more complex one. Of course, there were people who figured out ways to hack into the old phone networks to do so, but it was not as easy as it is today with the voice over IP technology. With VoIP services, there is no scheme. These services use the Internet, which assigns the various devices in the network of IP-addresses instead of the actual phone numbers. Phones actually installed by users.

There are several companies offering commercial spoofing services, such as SpoofCard. And even VoIP services like Skype, allow people to get the area code and prefix numbers even they want, when they created a new phone number. These figures can be used to disguise where the calls. Of course, Skype is for personal use, but also other services such as Flowroute providing VoIP services for enterprises with the use of ATS. In the PBX, or private branch exchange system that makes the connection between the internal telephones of private organizations such as businesses, as well as connect them to the public telephone network (PSTN). These services allow companies to choose any phone number to the number they want. But some telemarketers to use the service to spoof telephone numbers.

Practice number spoofing is so widespread and common, that one of the defendants in the FTC suit telemarketers allegedly bragged to a potential client that he can call the U.S. a few hours and not get people calling to Do Not Call list.

There are a number spoofing illegal? No it is not. But there is proposed legislation that would manipulate the phone number should look like this from the other illegal.

Are there legitimate uses for caller ID spoofing? Yes, there are some legitimate use of spoofing. Voice over IP providers, by definition, must use spoofing, or any number of manipulations, the creation of telephone numbers. But there are other legitimate uses. For example, physicians who could call patients from their homes can use spoofing to hide their home numbers. Some online dating services allow people to use spoofing to talk with potential partners without revealing their real phone numbers. But some lawyers involved in cases of domestic violence can use the number spoofing to protect the whereabouts of abused clients.

Although there are some legitimate uses for caller ID spoofing, Lance James, a co-founder of Secure Science, which specializes in fraud protection, said 75 percent of all callers ID spoofing is likely to illicit purposes. Nevertheless, he believes that any new laws that make a written number spoofing illegal, a distinction must be made between people through the spoofing of legitimate purposes, and those who wish to harm or fraud people money.

Who typically uses a number spoofing and vishing fraud? Most of the attacks were from vishing nefarious individuals or criminal groups that are stealing credit card numbers and other personal information to identity theft. But telemarketers are also using technology to make people buy products fictitious. Since the costs are so low in order to spoof caller ID numbers using voice over IP service, it means that companies using the technology, only a small number of people in order to buy fake goods, or send personal or financial information to make the effort profitable .

How fraudsters usually work? Scammers often use a War Dialer, which is the software that the numbers that can be used for calls, to call a phone number in your area, or access to a legitimate voice communications company with a list of phone numbers stolen from financial institutions. Typically, they have created an automated recording to call people, telling them that their credit cards had been marked for fraud. Then they either ask people to submit credit card numbers, PIN codes and / or social insurance number cards to check their accounts or to another number where the consumer is the call to provide information about your account.

Some sophisticated attacks combine vishing and phishing. These swindlers are usually begin with a phishing e-mail said that there was a problem with online account of the famous web site, such as a bank, credit cards, or online retailers, and it directs users to a number of calls and enter information check your account.

It is difficult for authorities to catch vishers? Yes and no. Since all calls are occurring and to complete what is billing records that law enforcement officials can use to track the calls to their sources. But it often takes several subpoenas to obtain access to relevant information, which takes time and costs money.

Are there any technology that can be used to identify vishing attack? The biggest vulnerability in the network connection when the old technology, to get acquainted with new technologies, according to James Secure Science. As a result, he believes that the coordinated efforts of the traditional telephone companies and new VoIP companies can help stop many attacks. In general, traditional telephone companies and VoIP providers could check the authenticity, and calls for people to make calls, they say they are. This practice should reduce much of the illegal activities carried out spoofing room numbers, said James.

Carriers would also add provisions to their use, which prohibit customers from using false IDs to commit fraud. And if these users are doing something illegal, they could have their service terminated.

Some companies are offering software to the black, which is blocking certain phone numbers. Of course, black can be difficult, because the scammers and telemarketers may be possible to change the number of pool rooms, which they use to hide their identities. For example, Google will provide the feature in its Google Voice product that will allow calls to be filtered, such as e-mail to allow users to block calls and send a few calls from certain phone numbers on the “spam” folder.

And finally, the number of providers as a spoof SpoofCard, which handles most of the false numbers on the market can work with service providers and law enforcement agencies of suspicious spoofers flag.

What can I do for consumers to protect themselves? Here are some tips from experts on security matters:

• Be aware. Consumers should be aware that these swindlers there. To find out more information, go to FTC.

• Be suspicious of unknown callers. People should be equally suspicious of phone calls, they e-mail request personal information. Some experts suggest to all calls from unknown callers go to voicemail.

• Do not trust the number. Just because your phone number displays the number or the name of a legitimate company, you can admit it does not guarantee, the call is actually from this number, or company. As indicated above, the number spoofing easily.

• Ask questions. If someone tries to sell you something, or ask your personal or financial information, we ask them to define who they are, then check them to see if they are legitimate.

• Call them back. Again, if someone sells you something, or requesting information, tell them you will call them back and then check the company is legitimate and if a bank or credit card company, call them back, using a number your account or your card. Never provide your credit card information or other confidential information to anyone who calls you.

• The registration number with the National do not call registry donotcall.gov. Even criminals and unscrupulous telemarketers can ignore the list, if you’re on the list, and receive a call from the alleged telemarketer, which could be a hint that this proposal is a forgery. Most legitimate telemarketers respect the rules and laws by contacting consumers. In addition, the site is a place where complaints may be filed.

• Report incidents. The report calls for vishing www.ftc.gov or by calling (888) 382-1222. In the FTC wants to see the number and names that appeared on the numbers, as well as time and information referred to the hearing or recorded message. If you think that was the victim of an attack in vishing You can also contact the Internet Crime Complaint Center.