News

Telephone Scams: VISHING
Thursday, September 11, 2008

What is it?

 

Vishing, short for voice phishing, is related to phishing in that the scam is the same. The vishing email you receive appears to be from a legitimate business but, in reality, is an attempt to steal personal information such as your user ID, password, social security number, credit card number, and bank account number for financial gain or identity theft.

 

How does it work?

 

What typically happens is the visher sends an email that appears to be from a legitimate business, such as a bank, to millions of email addresses hoping to lure people who are actual customers of that business into responding and divulging personal information. The emails contain a phone number that you are told to call to resolve an issue or to update your account. If an unsuspecting customer calls the phone number and provides information to the automated voice prompts or to a live person, they are likely to become the victim of financial or identity theft.

In another less common form of vishing, you may be contacted by telephone instead of by email. The call may come from a live person or a recorded message. The problem, however, is still the same. If you provide personal information, you will likely have your money, identity or both stolen.

 

What should I be looking for?

 

Although vishing emails are designed to be nearly impossible to distinguish from legitimate emails, there are some common signs you can look for.

  • They urge the recipient to call a phone number to update or verify account information.
  • They convey a sense of urgency and often mention negative consequences for failing to respond.
  • They do not contain any personalization: the recipient’s name, the last four digits of their account number, or other information that shows that the sender knows something about the recipient’s account.
  • They are unexpected and are not consistent with other emails from the business.
  • They often contain spelling errors and bad grammar.

What should I do if I receive a suspicious email?

  • Do not respond to the email and do not call the phone number provided.
  • If you are unsure of its authenticity, call a phone number you trust such as the one on your most recent statement, NOT the one in the email, to verify the company actually sent it and to inquire about why they need your information.
  • Delete it from your Inbox and clean out your Deleted Items folder.

How can I protect myself?

  • Education is your best defense. Know what to look for and what to do. It is very important to note that no financial institution will ever send you an email asking you to verify or supply personal information, such as:
    • User ID
    • Password
    • Social Security Number
    • Card or Account Number
    • Credit Card Security Code (CCV)
  • Never open unsolicited emails from unknown email addresses.
  • Never provide personal information over the phone unless it is to a trusted source for a call you initiated.
  • Install a Firewall and both anti-virus and anti-spyware software. Keep your virus definitions and browser and security software current.
  • Exercise reasonable care when downloading software and opening email attachments. Never download or open an email attachment from an unknown email address.
  • Have your computer analyzed by a qualified technician if you suspect your computer is running abnormally, you are receiving an unusual amount of “pop-up” pages, or you notice that you are being redirected to other web pages.