What Is Vishing?
Vishing is a combination of Voice and Phishing that uses Voice over Internet Protocol (VoIP) technology wherein fraudsters feigning to represent real companies such as banks attempt to trick unsuspecting customers into providing their personal and financial details over the phone.
How The Fraudsters Operate?
A typical vishing attack could follow a sequence such as this:
- The fraudster sets up an automatic dialler which uses a modem to call all the phone numbers in a region.
- When the phone is answered, an automated recording is played to alert the customer that his/her credit card has had illegal activity and that the customer should call the recorded phone number immediately. The phone number is with a caller identifier that makes it appear that they are calling from the financial company they are feigning to represent.
- When the customer calls the number, it is answered by a computer-generated voice that tells the customer they have reached ‘account verification’ and instructs the consumer to enter his/her 16-digit credit card number on the key-pad. A visher may not have any real information about the customer and would address the customer as ‘Sir’ and ‘Madam’ and not by name or the prefix ‘Mr….’ or ‘Ms…’.
- Once a customer enters his/her credit card number, the "visher" has all of the information necessary to place fraudulent charges on his/her card. Those responding are also asked for the security number found on the rear of the card.
- The call can then be used to obtain additional details such as security PIN, expiry date, date of birth, bank account number, etc.
Tips To Protect Yourself From Vishing
- Your bank would have knowledge of some of your personal details. Be suspicious of any caller who appears to be ignorant of basic personal details like first and last name (although it is unsafe to rely on this alone as a sign that the call is legitimate). If you receive such a call, report it to your bank.
- Do not call and leave any personal or account details on any telephone system that you are directed to by a telephone message or from a telephone number provided in a phone message, an e-mail or an SMS especially if it is regarding possible security issues with your credit card or bank account.
- When a telephone number is given, you should first call the phone number on the back of your credit card or on your bank statement to verify whether the given number actually belongs to the bank