As long as consumers have money to spend, there will be criminals working hard to steal it.
A typical vishing scam targeting your bank or financial institution would go like this:
- You receive a phone call from a local number, claiming to be calling from your bank, or other financial institution, or even a government agency.
- The fraudster confirms your account name, date of birth and other details, and then comes up with a story that will require you part with sensitive information. For example, they may claim that one of your details have some issue that need to be fixed immediately for you to continue to operate your account.
- The fraudster then requests for your debit (or credit) card details including PAN (16-digits number at the back of the card), CVV (3-digit security code also at back of the card), Expiry Date and debit card PIN.
- If you unsuspectingly share your details, the fraudster will initiate online transactions with your card (or other) details.
- The fraudster then calls again to retrieve the one-time password (OTP) sent to your registered telephone line to authorize the transaction, while pretending to need the OTP to finalize resolution of the bogus issue.
- Few minutes later, you are shocked to see debit alerts, and your account is emptied.
See below on what to do if you have a vishing attack.
What is a vishing (or telephone) scam?
Vishing is a type of phishing scam that happens on the phone. The word vishing is a combination of ‘voice’ and ‘phishing’. Generally, these criminals are looking for your personal details, such as your card, PIN, passwords or card reader codes.Vishing scams are unsolicited calls from fraudsters on your landline or mobile phone claiming to be a staff of your bank, building society or a government agency and trying to get you to part with sensitive details about your account. These scammers fish for information from you, so they can steal your money or collect your information thereby using your identity to commit fraud elsewhere.
These scams are on the rise, with one phone call, you can lose too much. So we implore you to beware of unsolicited phone calls.
Unfortunately, however, companies as opposed to individuals can also suffer this. See the video below to understand the enormity of the problem.
Unfortunately, there’s little you can do to protect against scammers who trick your bank or other businesses into giving up your information. The fault in these cases lies with business support staff who fail to follow proper procedures and instead fall victim to intelligently deceptive vishing scams.
In general, however, you need to beware of Vishing scams!
What to do if you suspect a vishing scam
Vishing and telephone scams are particularly devastating because getting your money back is unlikely; however, you should always report a scam, because at the very least, it may help stop others from being scammed in the same way and the authorities (bank, police, etc) will be able to launch an investigation to try and stop these criminals.If you suspect that your account information has been compromised, please cut the call immediately and do one of the following:
- call your bank immediately on a secure number you are sure belongs to your bank, for example call the numbers on your debit (or credit) card, or visit your official bank website to get their number. Report what happened to them
- if your bank has a fraud team, send an email immediately; you can find the email to write to from your bank's website. If you live in the UK, you can report to Action Fraud over the phone on +44300 123 2040, or online here if you would prefer.
How to avoid vishing and phone scams
Unfortunately, there’s little you can do to fully avoid vishing scammers. Fraud against the businesses and institutions that house your private information is completely out of your control.There are steps you can take to avoid vishing scams. Some employ technical means, while others involve being proactive.
1. Never answer a call from an unknown number
It may be tempting to answer calls from unknown numbers, but doing so could lead you right into a scammer’s waiting arms. Additionally, picking up may only alert the vishing scammers that the number is active, leading to more calls down the road.
Instead, let the call go to voicemail. The rule of thumb is that any real person, business, or government institution that was calling for something important will invariably leave a voicemail or call back later. Many vishing scams will also leave a pre-recorded voicemail message, which will give you a chance to properly vet the whether the caller is a legitimate source.
Do note, however, that many vishing scammers will now call back immediately. The purpose of the call back is to counter the above advice. We are more likely to pick up an unknown number that calls back, as traditionally this has indicated that the caller is not only someone that we know, but that the call is important. This tactic helps define why vishing is considered a type of social engineering.
2. If you do answer, never give personal information over the phone
Banks and government institutions should never ask for personal information over the phone. That said, banks will call you if they believe fraud may be occurring on your account. However, they will typically only call to confirm your location and alert you to the event. They won’t ask for private information in a call you receive from them. Government institutions almost exclusively communicate by mail or occasionally email to conduct official business.
If you are asked to give personal information, ask for the caller’s name and let them know you’ll call back after acquiring an official number. The suspicious caller may try to give you a number to call back on. If that occurs, cross-reference this number with information available online. If the numbers differ, call the number you found through your online search made available from the business or institution’s website. Once you call back, inquire about the original caller to verify identity.
3. Use a caller ID app
Google and Apple have done a lot of work over the years to improve their native caller ID methods. However, neither the Android nor iOS operating systems can effectively handle most spam calls or spoofed IDs. Thanks to the many voice over internet protocol (VoIP) options available now, scammers can easily create spoofed numbers. Hidden identities allow them to leave little to no trace of where they’re actually calling from.
A good caller ID app can help boost your phone’s spam call detection and blocking capabilities. Some phone companies are now installing caller ID app by default, for example Hiya and Samsung phones. For both Android and iOS phones, Truecaller is a good option. Downloaded and used by over 250 million people worldwide, Truecaller has over 2 billion spam numbers locked into its database. Confirmed spam numbers are blocked, while good numbers are allowed through. If a number does end up being a vishing scam, you can add it to their database.
4. But don’t completely trust caller ID
Even with a more effective caller ID app installed, avoid numbers that are not in your phone book. You may still receive fraud calls from spoofed numbers that appear to be legitimate. Even with a caller ID app installed, let any calls not in your phone book go directly to voicemail.
5. Treat vishing scams as you would smishing scams
Vishing and smishing scams are all in the same family. Both utilize your mobile device to target you. As with smishing, vishing scams rely on the personal nature of mobile phone contact to try to extract valuable information. However, it’s important to know that your personal cell phone number is not private. Both phone calls and text messages you receive could be from anyone, including scam artists.
6. Refrain from sharing personal information on social media and online platforms
This is the one where many of us have made mistakes in. We think we are safe so we share personal details online, especially on social media like Facebook. Hackers can easily find out who are our family members, and partners, if we are careless on social media. With this single information, they may be able to trick our banks or cell phone companies, like illustrated in the video above. However, it is amazing how careless many of us can be with not only revealing online who our family members or partners are; but also about revealing where we live, what we do for a living, where we work and many other personal details. The most alarming are those who go on to share parts, or all, of their debit (or credit) card details online.
Beware of online criminals. Do not help them by giving them materials to work with, even on 'safe' social media platforms. Beware of vishing. Hang up all suspicious calls, and immediately inform your bank.
No comments:
Post a Comment