It can work one of two ways. In the online version, the con artist sends a blast e-mail, disguised to appear as though it’s from a financial institution, an online payment service or other well-known business. The e-mail may sport a trusted logo, typically reports a “security” problem with the recipient’s account and urges the victim to call a telephone number to “straighten things out.”
The recipient, who knows better than to click on imbedded hyperlinks in strange e-mails for fear of being “phished,” feels safer calling a telephone number. The area code might be a local one they easily recognize or appear to be toll-free. When the victim calls, they reach an automated attendant prompting them to enter their account number, password or other private information for “security verification” purposes.
Some “vishers” use automated dialing programs to “cold call” victims. The caller ID device may list a legitimate-looking local phone number, to inspire trust from the recipient. A prerecorded message (or sometimes a live “employee”) claims the victim’s account has been compromised or needs updating or verification. The victim is asked to enter their account information, which is digitally transcribed onto the hard drive of the scammer’s computer.
The BBB offers consumers these tips to protect against “vishing” scams:
- Typical “vishing” e-mails imply urgency, ask you to verify account information, and may contain misspellings.
- If you receive a “vishing” phone call, hang up. Call your bank, using the phone number on the back of your debit or credit card, and report the matter.
- Banks do not use prerecorded messages to handle security issues. If they telephone you to report suspicious use of your card, they do not need to request identifying information because they already have that on record.
- Do not automatically trust a phone number based on its area code. Con artists can hack into Caller ID systems, and VoIP users can assign any area code to a phone number.
If you think you have been a victim of “vishing” visit the FTC’s Identity Theft Web site at http://www.consumer.gov/idtheft/con_about.htm.