Vishing (or Voice phISHING) takes place when you receive a call on your home phone or mobile device from someone pretending to be from a trusted source, like your bank or credit card company. But is the voice on the other end really from your bank or is it an identity thief fishing for your account information?
How Does Vishing Work?
When thieves go vishing, they most often call people using an automated system. If a call is not answered, a message is left, saying there is a problem with your bank account or debit or credit card. The call will direct you to a phone number or a website that will ask for personal account information to verify your identity.
If you return the call, a recording asks you to verify by entering your account or debit or credit card information. Stating or entering a bank account or debit or credit card number on your keypad gives the scammer the information necessary to access your account and possibly illegally withdraw funds or conduct a fraudulent transaction. The call may harvest additional details, such as a card’s expiration date and three-digit security code and the accountholder’s date of birth. If the transaction is done with a mobile device, it is also possible for thieves to gain access to all the information stored on the phone.
A fraudulent phone call may offer different reasons why your information is needed: to confirm your account or authorize a purchase, update information, express concerns about activity on your account, or unfreeze or unlock an account or a debit or credit card.
How to Avoid Vishing Scams
American Federal offers these tips to avoid falling victim to vishing:
- Know the caller or sender. Do not respond to phone calls, faxes, emails or text messages warning of dire consequences, such as closing your account, if you do not provide sensitive information immediately.
- Do not give personal or bank information to callers, such as account, PIN or social security numbers or passwords, even if they identify themselves as being from a company you do business with or have partial information about your account.
- Never provide personal information in response to an unsolicited phone call, fax, email or text message, no matter how legitimate it seems. View unsolicited incoming calls with skepticism, especially regarding personal finances and from companies in the “fire” category (finance, insurance, real estate).
- Authenticate the number before returning a voice mail or text message. Remember, American Federal will never ask for client information through an automated voice response system or text message.
- Report suspicious activity immediately. Keep paper and pencil handy by the phone. If you suspect vishing calls, document as much information as you can. Write down the name of the caller, the company and the caller ID, then call the bank or business to independently verify, by using a telephone number from the phone book, account statement, valid company website or business card, not by Googling.
- Never use a link in an email or text message to log in to your account. The link may be fake and take you to a fake website which looks legitimate.
- Keep your personal financial documentation in order, review your account transactions regularly, update contact information and account managers so you can verify the legitimacy of a call and contact your bank immediately if you find any unauthorized transactions.
- Keep your bank informed of your current home and cell phone numbers and email address in the event the bank needs to verify if suspicious activity has occurred.
Protect your Identity
The following resources offer information and guidance on protecting against identity theft:
- Bankrate.com – http://www.bankrate.com/brm/news/cc/20020612a.asp
- Federal Trade Commission – (877) 382-4357. http://www.consumer.ftc.gov/articles/0272-how-keep-your-personal-information-secure
- Social Security Administration – http://www.ssa.gov/pubs/EN-05-10064.pdf
- IRS – http://www.irs.gov/uac/Identity-Protection-Tips
- Department of Homeland Security’s United States Computer Emergency Readiness Team – http://www.us-cert.gov/ncas/tips/ST05-019
- United States Department of Justice – http://www.justice.gov/criminal/fraud/websites/idtheft.html
- United States Chamber of Commerce – https://www.uschambersmallbusinessnation.com/toolkits/guide/P14_2260