Derived from the terms "voice" and "phishing," vishing is the online scam of stealing personal information or money from individuals using the telephone network, specifically VoIP telephony services.

Vishing scams usually begin when the criminal configures a "war dialer" (sequentially dialed regional phone numbers) to call individuals' numbers in a given area. When the phone is answered by someone like you, an automated recording is played to alert the consumer that their credit card has suffered fraudulent activity and the consumer should call a phone number immediately. The phone number is often an 800 number with a spoofed caller ID of the financial company it is pretending to represent.

Similar to phishing scams, which are designed to steal credit card numbers or other information used in identity theft schemes from unsuspecting Web users by way of emails with corporate logos and URLs, vishing exploits the public's trust in landline telephone services, which have traditionally existed only in physical locations known to the telephone company and associated with a bill-payer.

Because VoIP services, like Skype, are low cost and make certain features widely available (including formerly difficult-to-abuse tools of caller ID spoofing, complex automated systems (IVR), and anonymity for the "visher"), the victim is often unaware they are being "vished."

It is considered a sophisticated crime because it is a new technique used by criminals to harvest details of the three-digit CVV security code, expiration date and other essential ID information on the user's credit card and account numbers. Like most other social engineering exploits, vishing relies on the hacking of a common procedure that fits within the victim's comfort zone. Specifically this methodology takes advantage of what has become a normal practice for U.S. credit card users when calling a credit card provider: Users are asked to enter the 16-digit credit card number before speaking to a representative. Consumers therefore need to be extra vigilant when giving out their information on the phone (as well as on the Web).

Vishing is very hard for legal authorities to monitor or trace. To protect themselves, consumers are advised to be highly suspicious when receiving messages directing them to call and provide credit card or bank numbers. Rather than provide any information, the consumer is advised to contact their bank or credit card company directly to verify the validity of the message.

There is technology that monitors all PSTN-based traffic and can identify vishing attempts as a result of patterns and anomalies in call activity. One example is a multiple calls from a limited set of Skype numbers to call centers.

Click on the FAQ image below to read Frequently Asked Questions about vishing!

See also : cyberfraud  phishing  
NetLingo Classification: Online Jargon

Read an FAQ about this term