What is Vishing?
Vishing is the criminal practice of
using social engineering and Voice over IP (VoIP) to
gain access to private personal and financial
information from the public for the purpose of financial
reward. The term is a combination of "voice" and
phishing. Vishing exploits the public's trust in
landline telephone services, which have traditionally
terminated in physical locations which are known to the
telephone company, and associated with a bill-payer. The
victim is often unaware that VoIP allows for caller ID
spoofing, inexpensive, complex automated systems and
anonymity for the bill-payer. Vishing is typically used
to steal credit card numbers or other information used
in identity theft schemes from individuals.
Vishing is very hard for legal authorities to monitor or
trace. To protect themselves, consumers are advised to
be highly suspicious when receiving messages directing
them to call and provide credit card or bank numbers.
Rather than provide any information, the consumer is
advised to contact their bank or credit card company
directly to verify the validity of the message.
There are at least two "Vishing" methodologies scammers use.
Online version
The scammer sends a blast e-mail, disguised to appear as though it’s from your
credit union, bank, online payment service or other well-known business. The
e-mail, which may have a trusted logo, typically reports a "security" problem
with the recipient’s account and urges the member/member to call a telephone
number to "straighten things out."
Although many members know better than to click on hyperlinks in strange e-mails
for fear of being "phished," they often feel safe calling a telephone number
that appears to be local or toll-free. When the member calls, they reach an
automated attendant prompting them to enter their account number, password or
other private information for "security verification" purposes.
Cold Call
Some "vishers" use automated dialing programs to "cold call" members. The
members caller ID device may list a legitimate-looking local phone number, to
inspire trust from the recipient. A prerecorded message (or sometimes a live
"employee") claims the member’s account has been compromised or needs updating
or verification. The member is asked to enter their account information, which
is digitally transcribed onto the hard drive of the scammer’s computer.
Fake Caller ID NumbersIn a new phishing scam, con artists are
using phony caller ID numbers to solicit personal information and money.
Thanks to the phony caller IDs, the "spoofers" are able to convince victims
that they're receiving a call from a bank, credit union or credit card
company. The scammers use this technique to acquire sensitive personal and
financial information, or even money, from their victims.
The frightening aspect of this scam is that few people would ever think
that the names and phone numbers appearing on their caller ID screens were
not genuine. However, scammers are already using phony caller IDs and are
posing as representatives of banks, credit card companies and government
agencies. The problem has reached the point where Senator Bill Nelson from
Florida is sponsoring legislation to ban the transmission of false caller ID
numbers. "A similar bill has already sailed through the house," reports
ABCnews.go.com.
Unfortunately, anyone with Internet access and a few dollars can find a
number of legal online services that supply fake caller ID numbers.
ScamBusters.org reports that in just a few minutes of research revealed
several services that tout the "benefits" of caller ID spoofing, including:
-
Maintaining the privacy of your caller ID number.
-
Changing your voice to sound like a male or female.
-
Fooling friends and business associates (or business competitors).
- One
firm claims its technology is suited to individuals in certain
law-enforcement-related professions, while another advertises its
services as inexpensive, easy to use, and great for "business or fun."
At MATCU, we're committed to protecting your privacy and security. We will
never initiate a request for sensitive information
from you via email or over the phone (ie., Social Security Number, Personal
ID, Password, PIN or account number). We strongly suggest that you do not share
your Personal ID, Password, PIN or account number with anyone, ever.
