What is Vishing?
Though you may have never heard of the term vishing, there’s a good chance you’ve been targeted by this very criminal activity.
Vishing attacks rely on a phone network to steal your money and other personal information.
The word “vishing” is a combination of “voice” and “phishing,” the online scam aimed at getting users to willingly hand over their private, sensitive information.
How does it work?
Your phone rings and you answer the call.
Perhaps the phone number appeared to be from a local caller, or maybe even looked to be from a legitimate financial institution such as a bank or credit card company.
Sometimes, the caller’s number won’t even show up on your caller ID.
Regardless, you hear a voice on the other end of the call – sometimes generated by speech synthesis – suggesting there has been suspicious activity with your bank account, credit card, mortgage, or taxes.
The caller claims to be from a legitimate company, one you might recognize or use.
He or she recommends you call another phone number to provide some information that will help “verify” your identity, and put a stop to this alleged suspicious activity.
The problem is, thieves are anxiously waiting for you to call and hand them your identity on a silver platter.
And this type of crime actually works every day on people around the United States, because many people trust phone calls and caller IDs more than scams they might encounter in an email.
Some legitimate VoIP services like Skype even allow users to pick the area code and prefix phone number they want to use when setting up a new phone number.
That can help criminals disguise where they are actually calling from.
New forms of vishing
While vishing attacks are dangerous enough, a new malicious activity combines vishing with phishing scams.
Criminals might use a phishing email to tell you that there’s a problem with an online account you have established at a popular website, such as a retail company, banking institution or credit card company.
The criminals urge you to call a number or visit a website and enter your personal information to “verify” the account.
But just like in phishing and vishing attempts, the criminals really just want your account number, your Social Security Number, or your PIN to use for identity theft.
“Sometimes, if a victim logs onto one of the phony websites with a smartphone, they could also end up downloading malicious software that could give criminals access to anything on the phone,” according to the FBI.
Protecting against vishing attempts
Stay up to date on the latest threats by visiting the Federal Trade Commission’s website.
You should also report all vishing attempts to the FTC and the FBI’s Internet Crime Complaint Center.
Never respond to text messages, emails or voice messages on your phone from unknown or blocked numbers.
In fact, even if you believe the phone number is legitimate, be just as suspicious of a phone call as you would with a questionable email.
If you receive a call from an “unknown” or “blocked” number, let your voice mail pick up the call.
When it comes down to it, never trust your caller ID; caller ID spoofing is easy and is a growing threat.
Be prepared to ask questions of those who call you and want your personal information.
Verify who they are. Never provide personal information on the phone.
If a caller claims there’s a problem with your credit card or other account, find your paperwork and call the number on the documents you have to verify this information.
Most legitimate companies will never ask you to provide a credit card number, bank account number or Social Security Number on the phone.
Also, log on to www.donotcall.gov to sign up for the National Do Not Call Registry.
Some criminals may skirt around the list, but most legitimate telemarketers will follow the laws.
The website also allows you to file a complaint about a violation of the rules.