Leave it to Internet crooks to be endlessly inventive. As soon as one scam is discovered, another one takes its place. The latest innovation in identity theft is a variation on phising called "vishing," or voice fishing. The first recorded incident took place in June of this year, involving a bank in Santa Barbara. A second incident, involving Paypal, occurred in early July.
Similar to the typical phishing scam, vishing involves contacting potential victims by e-mail or phone, usually to alert them that their credit card has been used illegally or that someone has been trying to gain access to their account. Rather than direct targets to a phony corporate web page, vishing scammers instead ask victims to call a toll-free number. This leads to a recording that prompts cardholders to verify their account number by entering it on the keypad. If the target does as instructed, he or she becomes fair game for identity theft.
Vishing Made Possible by Internet Phone Service
The new world of Internet telephone service has made Vishing possible. For one thing, it’s easy to establish a Voice over Internet Protocol (VoIP) phone number immediately, through services like Skype or Vonage, without the same level of verification required for a traditional phone line. Thieves can establish a VoIP phone number with nearly the same ease as setting up a new email address. Also, Internet phone service allows for automated random calling, so a large quantity of potential victims in a specific area can be targeted, which has a number of obvious appeals for e-scammers. (Vishing, like phishing and related scams, is a numbers game.)
Most importantly, a VoIP phone number makes it easier for callers to mask their identity and location. Commonly known as spoofing, this practice makes vishing particularly effective. A criminal operating from anywhere in the world can give his potential victim a number to call that has the same area code, even the same prefix, as the financial institution with which that person holds an account. It is very believable - and believability is the identity thief’s bread and butter.
Advice on How to Avoid Becoming a Victim of Vishing
- Common sense. Be suspicious of any caller who does not already know your basic personal details such as first and last name. Immediately hang up and report the call to the financial institution.
- NEVER respond to a cold call. Even if you think the call is genuinely from your bank or credit card company. Instead, request the caller's name and extension and offer to call them back through the company's main number.
- If you get a call from someone who claims to be from a financial institution with which you do business, and who knows your credit card account number but wants the three-digit code on the back of the card, immediately hang up and report the call to authorities.
- If you get an e-mail message asking you to call a toll-free number to verify account information, delete the e-mail. Never provide personal information or account information based on an e-mail request.
- Don't be fooled that the caller's phone number appears to be a regional telephone number—it could have been spoofed, which is easy to do using VoIP.