Dangerous Money

Voice Phishing (vishing) Incidents on the Rise
by: Jerry Liao

Move over phishing, a new scamming scheme is in town to replace you – its called “vishing” short for voice phishing.

Phishing occurs when an email is sent that pretends to be from a bank or major online merchant. The email will request that the user click on a link to verify their account information. The user is then directed to a fake site that collects login and password information, which is then used to steal credit card and other personal information.

Vishing on the other hand is a new variation on the same theme. You will receive a phone call with a recorded message reporting that your credit card has been breached, suspended, deactivated, or terminated, and requesting that you contact a number immediately. When you call the number, another message will state something like, “This is account verification. Please enter your 16 digit account number.” If you do, the thieves will have your information.

A new version recently reported involved the sending of text messages to cell phones claiming the recipient’s on-line bank account has expired. The message instructs the recipient to renew their on-line bank account by using the link provided.

General Characteristics of a vishing scam:

Methods of transmission:
– typically an incoming recorded telephone message uses a spoofed (fraudulent) caller ID matching the identity of a misrepresented organization
– the message uses an urgent pretext to direct unsuspecting users to another telephone number
– the victim is invited to punch their personal information on their telephone keypad
– criminals capture the key tones and convert them back to numerical format

Different variations of the scam:
– the potential victim is contacted by a phishing e-mail and directed to a VoIP-based telephone number
– the potential victim receives a telephone call from another individual with a spoofed caller ID
– the potential victim receives a recorded incoming call with a spoofed caller ID directing them to a phishing site

Information at risk:
– payment card information (numbers, expiry dates and the last three digits printed on the signature panel)
– PIN (Personal Identification Number)
– social insurance number
– date of birth
– bank account numbers
– passport number

Potential uses of your information:
– control of victim’s financial accounts
– open new bank accounts
– transfer bank balances
– apply for loans
– credit cards and other goods/services
– luxury purchases
– hide criminal activities
– receive government benefits or
– obtain a passport

How to prevent:
– As a general rule, be suspicious when receiving any unsolicited incoming communication.
– Never provide personal information in these circumstances.
– Never rely solely on your telephone caller ID function.

In this case, the best defense is knowledge. Users are adviced to be suspicious always especially if it concerns their financial information. Investigate by using telephone numbers known to be valid. In the case of credit cards for example, use the telephone number printed on the back of the card. Never provide personal or financial information to non-validated sources. Call your bank for verification if indeed they are sending the messages. Be knowledgeable of your bank’s procedure as well.

This is another security challenge for financial institutions, merchants, security providers and the consumers.


Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: