From Phishing to Vishing

Two noteworthy types of phishing attacks have recently been reported. The first involves the International Monetary Fund. A July 14 IMF press release warns the public about both phishing and website spoofing attacks using the IMF's name, and indicates that some of the fraudulent solicitations offer that hardy perennial of investment fraud schemes, the "high-yield" or "prime bank" scheme.
The second, reported in a July 11 Internet News article and a July 15 E-Commerce Times article, involves VoIP-based spam/phishing attacks, in which the spam purport to be from a financial institution. In this attack, which the Internet News article labels "vishing," The spam text is intended to persuade recipients to dial a telephone number and enter their bank account and PIN numbers. The E-Commerce Times article cites a senior research scientist with Cloudmark, Adam J. O'Donnell, in explaining that callers are "connected over VoIP to a PBX -- private branch exchange -- running an IVR [i.e., Interactive Voice Response] system that sounds exactly like their own bank's phone tree, directing them to specific extensions." The article adds that "VoIP-based services allow phishers to cheaply add and cancel phone numbers that are harder to trace than conventional numbers."

A New Treaty on Criminal Matters

Last week, according to the Japan Times, the United States and Japan exchanged ratification documents for the Mutual Legal Assistance Treaty (MLAT), which will facilitate mutual exchanges of information between the two countries for use in criminal investigations and prosecutions. Although the United States has negotiated and signed more than 50 bilateral MLATs with foreign governments, this is the first treaty that the Government of Japan has ever signed and concluded.

Commentators from Sophocles to Charles de Gaulle have cast doubt on the efficacy of treaties. MLATs such as the U.S.-Japan Treaty, however, are an exception that proves the rule. Prior to the development of MLATs, the traditional means of obtaining evidence from other countries was the letter rogatory. As a State Department circular explains, a letter rogatory is issued by a judicial authority in one country and addressed to a judicial authority in the country whose assistance is being requested. Among other shortcomings, the letter rogatory process does not ensure that the request will reach the appropriate judicial authority, or require the government whose assistance in a criminal matter is requested even to respond.

In contrast, an MLAT makes it a mutual obligation of the parties to respond to each others' requests for assistance, and to establish central governmental authorities that ocmmunicate with each other in receiving and processing all MLAT requests. Ratification and entry into force of the new treaty can be expected to facilitate bilateral cooperation between Japan and the United States on a wide range of criminal matters.