Phishers Upgrade to Vishing: Phone Scams Target Your Identity

By Rebecca Seaman

By now, most savvy consumers are aware of Phishing Scams: emails supposedly sent from one of the entities we do business with asking us to verify our personal information by clicking on a link in the body of the email. We know that if our creditors or banking institutions need to correspond with us, they will usually initiate contact by sending us a letter or, occasionally, by calling us.

To keep up with consumer’s increasing awareness of phishing scams, thieves have now gotten more technical. Leslie Hunt for Bankrate.com describes the latest ploy known as ‘vishing’-scammers will send an email that appears legitimate asking a consumer to contact their banking institution at a number listed in the email. New Voice over IP (VoIP) technology makes it easy for a scammer to set up new phone numbers quickly, with any area code, and the calls are often automated. For example, a recent scam targeting PayPal users directed consumers to call a number that simply stated “Welcome to account verification. Please enter your 16-digit card number.” The thief is then able to glean the account information from the consumer, and the rest is history.

The reality is, the entities we do business with are very vigilant with the safety of their customer’s personal information, and would never send an email asking consumers to contact them. If necessary, they will contact the consumer directly, sometimes over the phone. That being said, some Vishers are cold calling customers masquerading as legitimate companies. For more details, see this Bankrate.com article in MSN Money.

So how do we know whether or not to trust a phone call from what appears to be a legitimate source? Jim Stickley, the Chief Technology Officer for TraceSecurity, a security compliance software firm, recommends just hanging up if someone who claims to be from your bank calls. Then, call the bank directly. “Use the number on the back of your cards,” he says. “If the call was legitimate, the bank would know that number, too.”

If you find out your bank, creditor or escrow service didn’t contact you; notify them, as well as the Internet Crime Complaint Center and the Federal Trade Commission. Forward the e-mail to spam@uce.gov. Visit the FTC’s identity theft Web site if you’ve responded to a vishing e-mail.