Derived from the terms "voice" and "phishing," vishing is the online scam of stealing personal information or money from individuals using the telephone network, specifically VoIP telephony services.
Vishing scams usually begin when the criminal configures a "war
dialler" (a tool that sequentially dials regional phone numbers) to call individuals' numbers
in a given area. When the phone is answered by someone like you, an
automated recording is played to alert the consumer that their credit
card has suffered fraudulent activity and the consumer should call a
phone number immediately. The phone number is often an 800 number with
a spoofed caller ID of the financial company it is pretending to
Similar to phishing scams, which are designed to steal credit card
numbers or other information used in identity theft schemes from
unsuspecting Web users by way of emails with corporate logos and URLs,
vishing exploits the public's trust in landline telephone services,
which have traditionally existed only in physical locations known to
the telephone company and associated with a bill-payer.
Because VoIP services, like Skype, are low cost and make certain features widely available (including formerly difficult-to-abuse
tools of caller ID spoofing, complex automated systems (IVR), and anonymity for the "visher"), the
victim is often unaware they are being "vished."
It is considered a sophisticated crime because it is a new technique used by criminals to harvest details of the
three-digit CVV security code, expiration date and other essential ID
information on the user's credit card and account numbers. Like
most other social engineering exploits, vishing relies on abusing a common procedure that fits within the victim's comfort
zone. Specifically, this methodology takes advantage of
what has become a normal practice for U.S. credit card users when calling
a credit card provider: Users are asked to enter the
16-digit credit card number before speaking to a representative.
Consumers therefore need to be extra vigilant when giving out their
information on the phone (as well as on the Web).
Vishing is very hard for legal authorities to monitor or trace. To
protect themselves, consumers are advised to be highly suspicious when
receiving messages directing them to call and provide credit card or
bank numbers. Rather than provide any information, the consumer is
advised to contact their bank or credit card company directly to verify
the validity of the message.
There is technology that monitors all PSTN-based traffic and can identify vishing attempts from
patterns and anomalies in call activity. One example is multiple
calls from a limited set of Skype numbers to call centers.
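The following is an added example, not part of the original article or of any monitoring product: one way to look for the sequential "war dialler" pattern described earlier in call detail records. The record layout, the thresholds, the short-call heuristic and every phone number are constructed assumptions.

```python
from collections import defaultdict

# Constructed call detail records: (epoch_seconds, caller, callee, duration_s).
# Every number is fictional (555-01xx range); the field layout is an assumption.
CDRS = (
    [(1000 + 30 * i, "12025550100", str(12025550140 + i), 8) for i in range(8)]
    + [(1000 + 60 * i, "12025550111", n, 240) for i, n in enumerate(
        ["12025550123", "12025550187", "12025550105",
         "12025550166", "12025550129", "12025550193"])]
    + [(1200, "12025550122", "12025550150", 95)]
)


def longest_sequential_run(callees):
    """Longest run of distinct destination numbers that differ by exactly 1."""
    nums = sorted({int(c) for c in callees})
    best = run = 1 if nums else 0
    for prev, cur in zip(nums, nums[1:]):
        run = run + 1 if cur == prev + 1 else 1
        best = max(best, run)
    return best


def flag_callers(cdrs, window_s=600, min_calls=5, min_run=4, max_avg_dur=20):
    """Flag callers whose calls in one sliding window look like war dialling."""
    # Thresholds are illustrative assumptions, not values from the article.
    by_caller = defaultdict(list)
    for ts, caller, callee, dur in cdrs:
        by_caller[caller].append((ts, callee, dur))

    flagged = {}
    for caller, calls in by_caller.items():
        calls.sort()  # order by timestamp
        start = 0
        for end in range(len(calls)):
            # Shrink the window until it spans at most window_s seconds.
            while calls[end][0] - calls[start][0] > window_s:
                start += 1
            win = calls[start:end + 1]
            if len(win) < min_calls:
                continue
            run = longest_sequential_run(c for _, c, _ in win)
            avg_dur = sum(d for _, _, d in win) / len(win)
            # Sequential targets plus short calls (a recording, then hang-up).
            if run >= min_run and avg_dur <= max_avg_dur:
                flagged[caller] = {"calls": len(win), "run": run}
    return flagged
```

On the constructed records, only the caller that walks eight consecutive numbers with eight-second calls is flagged; the caller with six long calls to scattered numbers is not.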