Vishing

You may be familiar with the term “phishing,” for scammers masquerading as legitimate companies to try to pry your personal information from you through bogus e-mail links.  This is a huge problem in terms of the number of victims and the dollar losses involved.  The usual advice has been that you should call the company yourself, if you think the request may be legitimate but are not sure.  More often than not, it isn’t.  Remember that the companies you conduct your financial business with should already know the answers to the types of questions these e-mails are asking.

But now there is a new wrinkle to the scheme.  With “vishing” (as in “voice phishing”), the fraudsters—some of whom have been posing as PayPal or financial institutions—may still contact you by e-mail, usually to inform you that there is some sort of problem with your account.  But with “vishing,” they ask you to call a phone number instead of replying by e-mail.  This in turn connects you to an automated answering service which has been set up to steal your account data and allow the criminals to clean out your account.  It is a fraud that is easy to fall for, because it seems like the natural thing to do to call the company if you need to resolve an issue.

If you do call the company to verify that they actually sent you the message, don’t call the number provided in the e-mail.  Be sure to look up the phone number yourself (by manually typing in their official website address, for instance, or by checking your bank statement or the phone directory).  Or better yet, mark the e-mail message as SPAM and delete it!

Now, with the explosion of VoIP (Voice over Internet Protocol) technology, a new way to steal your money over the phone is becoming more common while completely bypassing your e-mail inbox.  Watch for unsolicited phone calls that are in reality “vishing” attempts.  Broadcast randomly and anonymously, such an automated call could have come from anywhere in the world and yet appear to be local.

A recording may tell you your credit card has been breached and may instruct you to dial a number, where you are then asked to punch in your account number for verification.  Or the call may seem to be on the level because the caller already has your credit card number and instead asks for your three-digit security code.  You should hang up and notify your financial institution of this incident immediately at the number on your statement or the back of your card. 

Don’t supply any personal information in a situation like this, especially if the person who contacted you (by phone or e-mail) does not provide a first and last name.  It could cost you dearly.  Be suspicious and DON’T TAKE THE BAIT!