Anyone who has been online for more than a minute has heard about phishing. For those of you who just crawled out from under a rock… phishing is when identity thieves use fake e-mails and websites to get usernames, passwords, and account numbers from you. They use the information to gain access to your identity and go on enormous spending sprees. Thieves figured out pretty quickly that in order for people to fall victim to phishing, the fake websites need to be completely believable. Phishing websites duplicate the colors and the logos of the financial institutions they are mimicking and some even have the legitimate bank website open in the background, and a small extra window open in the foreground prompting for the user/pass. It is, of course, the small window that is the phishing website.
Unfortunately, the criminal element is getting smarter by the moment. They have found a new way to trick joe-public into releasing private data. This time it’s called Vishing. Vishing is very similar to phishing, but instead of using e-mail and websites, the would-be thieves use the phone line (specifically VOIP - Voice Over IP). Because VOIP is incredibly inexpensive, thieves are able to create mass voice-mail messages and send them out across the phone lines. These messages alert people to a problem with their account, and urge them to call an 800 number immediately. The 800 number is set up with elaborate automated systems that request private information to verify the account.
One of the biggest problems with this racket is that people typically trust the phone. Before VOIP, it was too expensive for thieves to use the phone to mass-message. People became trusting of the phone system, the same way they became wary of the Internet.
Bottom line…. don’t reveal account numbers and social security numbers unless you dialed the number that YOU have for your financial institution. If you receive a phone message about your account, don’t trust the 800 number given in the message. Pull out your credit card and dial the number on the back of it. Your financial institution can transfer you to any department, you shouldn’t need to dial directly.
Don’t get Vished or Phished. Stay alert and suspicious, but most of all… just use common sense.
[tags]vishing scams, phishing scams, identity theft[/tags]
[dels]vishing scams, phishing scams, identity theft[/dels]
February 28th, 2008 at 10:28 am
I didn’t know there was a name for this, but I have had some calls from my credit card company that I was afraid were vishing calls. Voicemails from someone claiming to be the security department at the bank, please call this number right away, etc. As it turned out, each time it actually was the bank, with a minor security question (something that looked like duplicate charges, using my card in two cities on the same day without having purchased a plane ticket, that kind of thing). Each time I got one of those messages, though, I called the number on the back of my card, not the number in the message. Like you said, you call the number you have, not the number they give you, and you can be confident about who’s answering the phone.
Good post.
March 2nd, 2008 at 10:31 am
Never heard of vishing. thansk for the heads up.