Voice Phishing (vishing) Incidents on the Rise
by: Jerry Liao
Move over phishing, a new scamming scheme is in town to replace you – its called “vishing” short for voice phishing.
Phishing occurs when an email is sent that pretends to be from a bank or major online merchant. The email will request that the user click on a link to verify their account information. The user is then directed to a fake site that collects login and password information, which is then used to steal credit card and other personal information.
Vishing on the other hand is a new variation on the same theme. You will receive a phone call with a recorded message reporting that your credit card has been breached, suspended, deactivated, or terminated, and requesting that you contact a number immediately. When you call the number, another message will state something like, “This is account verification. Please enter your 16 digit account number.” If you do, the thieves will have your information.
A new version recently reported involved the sending of text messages to cell phones claiming the recipient’s on-line bank account has expired. The message instructs the recipient to renew their on-line bank account by using the link provided.
General Characteristics of a vishing scam:
Methods of transmission:
– typically an incoming recorded telephone message uses a spoofed (fraudulent) caller ID matching the identity of a misrepresented organization
– the message uses an urgent pretext to direct unsuspecting users to another telephone number
– the victim is invited to punch their personal information on their telephone keypad
– criminals capture the key tones and convert them back to numerical format
Different variations of the scam:
– the potential victim is contacted by a phishing e-mail and directed to a VoIP-based telephone number
– the potential victim receives a telephone call from another individual with a spoofed caller ID
– the potential victim receives a recorded incoming call with a spoofed caller ID directing them to a phishing site
Information at risk:
– payment card information (numbers, expiry dates and the last three digits printed on the signature panel)
– PIN (Personal Identification Number)
– social insurance number
– date of birth
– bank account numbers
– passport number
Potential uses of your information:
– control of victim’s financial accounts
– open new bank accounts
– transfer bank balances
– apply for loans
– credit cards and other goods/services
– luxury purchases
– hide criminal activities
– receive government benefits or
– obtain a passport
How to prevent:
– As a general rule, be suspicious when receiving any unsolicited incoming communication.
– Never provide personal information in these circumstances.
– Never rely solely on your telephone caller ID function.
In this case, the best defense is knowledge. Users are adviced to be suspicious always especially if it concerns their financial information. Investigate by using telephone numbers known to be valid. In the case of credit cards for example, use the telephone number printed on the back of the card. Never provide personal or financial information to non-validated sources. Call your bank for verification if indeed they are sending the messages. Be knowledgeable of your bank’s procedure as well.
This is another security challenge for financial institutions, merchants, security providers and the consumers.