Vishing: A new twist on Phishing
©2007-2008 US Netizen
What is Vishing?
Vishing is a technique used by unsavory individuals and companies to try to fool you into giving out important personal and financial information over the telephone. Slightly different from phishing, vishing uses phony VOIP telephone numbers rather than phony websites. The ultimate purpose is to separate you from your money.
With the advent of VOIP, telephone numbers are easy and cheap to obtain and can be forwarded anywhere in the world. These features make it attractive for scammers to use VOIP for their data collection efforts.
What Vishing Looks Like
Vishing is very similar to phishing in that it usually starts as an email that looks like it is from a legitimate source. It usually asks you to verify or update account information and provides a phone number for you to call.
These emails can look legitimate, but the Sender field can be spoofed, as can the links. Usually there is a logo that was actually taken from the real site. Often there is some kind of urgency involved, such as a warning that your account will expire if you don't update your account information.
When you call the phony number, the voice messaging system can sound very professional, asking you to choose 1 for customer service, etc. These types of systems are very easy to set up, so a professional-sounding system is not a mark of legitimacy.
How to Avoid Vishing
The guidelines for avoiding vishing are the same as for phishing - don't trust e-mail messages from financial institutions.
Never dial the number in e-mail messages. Instead, look for a contact number in your monthly statement or on the back of your credit card.
Always be skeptical. Most legitimate companies do not send requests to update your information. Those that make these requests are finding that most people are suspicious and ignore the request.
An example of a legitimate need to contact you is a credit card company that detects unusually high activity on your account. In this case they will attempt to call you on the telephone. They will not send an email. They also already know your account numbers, so they will not ask you to confirm them.
General guidelines for protecting yourself against phishing scams:
- Do not give out personal or financial information through an email or telephone request.
- Do not verify personal information from a phone call. Legitimate institutions already have the necessary information.
- If you are suspicious, get a name and number, hang up and call the number from the monthly statement or the back of your card.
- For incoming calls, the Caller ID should not be blocked and should match that of the institution. If the Caller ID is "unavailable" or has more than 10 digits, it's more than likely a VOIP number.
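The traits described under "What Vishing Looks Like" and the rule of only dialing a number you already have can be turned into a simple mail triage check. This is an added example, not part of the original article; the keyword patterns, the trusted-number list, the North American number format and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string

# Assumption: numbers copied from a monthly statement or the back of a card.
TRUSTED_NUMBERS = {"8005550100"}

# North American numbers only; an optional leading 1 is dropped when normalising.
PHONE_RE = re.compile(
    r"(?<!\d)(?:\+?1[\s.-]?)?\(?(\d{3})\)?[\s.-]?(\d{3})[\s.-]?(\d{4})(?!\d)")
REQUEST_RE = re.compile(
    r"\b(verify|update|confirm)\b.{0,60}\b(account|information|details)\b",
    re.I | re.S)
URGENCY_RE = re.compile(r"\b(expire|suspend|immediately|within \d+ (hours|days))", re.I)

def body_text(msg):
    """Join every text/plain part, so multipart mail is handled too."""
    parts = [p for p in msg.walk() if p.get_content_type() == "text/plain"]
    return "\n".join(
        p.get_payload(decode=True).decode(p.get_content_charset() or "utf-8", "replace")
        for p in parts)

def triage(raw_email, trusted=TRUSTED_NUMBERS):
    msg = message_from_string(raw_email)
    # The From header is ignored on purpose: the sender field can be spoofed.
    text = msg.get("Subject", "") + "\n" + body_text(msg)
    numbers = {"".join(m.groups()) for m in PHONE_RE.finditer(text)}
    unknown = sorted(numbers - set(trusted))
    signals = []
    if unknown:
        signals.append("callback number not on trusted list")
    if REQUEST_RE.search(text):
        signals.append("asks to verify or update account information")
    if URGENCY_RE.search(text):
        signals.append("urgency or deadline")
    # An unfamiliar callback number plus at least one other trait is flagged.
    verdict = "suspicious" if unknown and len(signals) >= 2 else "no vishing pattern"
    return {"verdict": verdict, "unknown_numbers": unknown, "signals": signals}

# Constructed sample messages (fictitious 555-01xx numbers and .test domain).
SAMPLE_LURE = ("From: Example Bank <service@example-bank.test>\n"
               "Subject: Action required\n\n"
               "We were unable to verify your account information. Your account\n"
               "will expire within 24 hours unless you call 1-202-555-0147.\n")
SAMPLE_OK = ("From: Example Bank <service@example-bank.test>\n"
             "Subject: Your monthly statement\n\n"
             "Your statement is ready. Questions? Call 1-800-555-0100.\n")

if __name__ == "__main__":
    for sample in (SAMPLE_LURE, SAMPLE_OK):
        print(triage(sample))
```

A "no vishing pattern" result only means these three traits were not all present; it does not make the message trustworthy.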
Further Reading
FBI: February 2007
