Vishing And How To Not Fall Prey To It
September 30, 2016
What is vishing?
Vishing, or “voice phishing”, is the telephone equivalent of phishing, a tactic cybercriminals use to spread viruses and conduct identity theft, also known as a “phone scam.” But instead of using email or other electronic means to trick their victims, scammers use the telephone. The goal is to get victims to surrender personally identifiable information (PII) that can be used to steal their identities or to obtain their credit card numbers.
Vishing is when criminals try to trick you into forfeiting private info over the phone.
Be suspicious of anonymous or strange callers, and don’t give out private info.
How vishing works
Typically, the scammer pretends to be a legitimate business in order to fool the victim into thinking they will profit somehow or win something like:
- A “free” trip
- A free product or service
- An extended warranty for car or other
- Investment “opportunities”
If the victim hands over their credit card or other info, the scammer can then use their card, or sell the information to someone else for purposes of identity theft.
Vishing combined with malware
Another common scam is to get a call from someone pretending to be a support representative” who wants to help you “fix” your computer since a bug or other problem was detected. The caller will ask the victim to download remote support software so they can correct the problem. In reality, the victim is downloading malware.
How to protect yourself from vishing
Think twice – Treat calls from unknown numbers just as if a stranger approached you on the street with the same offer. If you wouldn’t give your info to a stranger, don’t give it to the caller.
Educate yourself – Legitimate companies and organizations generally never ask you to provide your PIN or password over the phone or online.
Hang up – If you get a call from anyone (or a recording) asking for PII, hang up.
Don’t trust caller ID – It can be hacked as well to show you a false number.
Document the call – Note what was said, what information they wanted, and, if possible, the phone number or area code of the caller.
Do not “confirm” PII – Never give out credit card or social security numbers (SSN) to callers looking to “confirm” your account information. They aren’t confirming it; they never had it in the first place.
Do not pay – If a caller says you have to pay a fee, it’s not a gift or a prize; it’s a purchase.
Report it – If you think you are a victim of vishing, write down what happened and how you first noticed the fraud. Keep all paperwork that you think may be helpful in the investigation. Then, follow the steps below:
- Contact your local police and file a police report.
- Contact the financial institutions, credit card companies, phone companies and any accounts you suspect may have been opened or tampered with.
- Report it to the Federal Trade Commission at https://www.ftccomplaintassistant.gov/ or by calling (888) 382-1222 and the FBI’s Internet Crime Complaint Center (I3C) at https://www.ic3.gov/default.aspx.