Financial Resource Center


Con Artists Switch From Phishing to Vishing

by Center for Personal Finance editors / September 1st, 2006

There's a new scam on the block, dubbed "vishing," and it's coming to a telephone near you, according to Vishing mimics phishing by trying to trap you into divulging your account numbers. (Phishing is the act of sending an e-mail to a user, falsely claiming to be a legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft.) But instead of being phished in an e-mail message, you may receive a telephone call from an automated random dialer, and the voice on the other end of the line may tell you your credit card has been used illegally. You're then asked to dial a fake 800 number with another voice that asks you to confirm your account details and credit card number. If you give the information, you can count on your accounts being drained. All this is possible because of Voice over Internet Protocol (VoIP), the new technology that makes possible inexpensive and anonymous Internet calling. And industry analysts are concerned that it's becoming more difficult to tell phish and vish from actual attempts to contact customers. One attack imitated PayPal with a fraudulent message urging victims to call a California-based phone number to update credit card account information "to prevent any fraudulent activity from occurring." The number was traced to an Internet-phone service and shut down. Take steps to avoid being vished:
  • If you get a phone call and someone asks you to give or confirm credit card or personal information, hang up. Then call your credit union or the financial institution that issued the card by using the phone number on the back of the card or on your statement and report the attempt. If the call was legitimate, the provider will know it.
  • If you get a call from someone who claims to be from a financial institution you do business with, and who knows your credit card account number but wants the three-digit code on the back of the card, immediately hang up.
  • If you get an e-mail message asking you to call a toll-free number to verify account information, delete the e-mail. Never provide personal information or account information based on an e-mail request.
  • Don't be fooled that the caller's phone number appears to be a regional telephone number--it could have been spoofed, which is easy to do using VoIP.
  • Be suspicious of any phone or e-mail contact that doesn't use your first name or surname.
  • Never dial a call return number--or reply to an e-mail--regarding any financial matter.
Facebook Post