As consumers become more educated about phishing scams, creative scammers are moving away from asking people to click on links to placing a phone call instead.
This new type of fraud is called "vishing
," short for "voice phishing." It’s particularly dangerous because it mimics a legitimate way people interact with a financial institution— entering a credit card number before speaking to a representative.
In this scheme, victims receive an urgent e-mail about fraudulent activity being detected with instructions to call a provided phone number immediately. The automated response at this number asks the victim to enter their account number for verification.
The scammers use cheaply obtained Voice over Internet Protocol (VoIP) numbers that can recognize telephone keystrokes to capture the account information. To appear legitimate, they choose area codes for these phony numbers that match the area code of a legitimate financial institution phone number or use technology to trick caller ID boxes into displaying erroneous information.
Some vishing attacks don't even begin with an e-mail. They can also come as calls where the caller already knows the victim's credit card number and just asks for the valuable three-digit security code on the back of the card.
You can take a few steps to reduce your chance of being victimized:
<< Return to Security Center.
- Do not call a number provided in a phone call or an e-mail. Call the number on the back of your credit card or on a bank statement, or confirm their officially listed phone number on their web site.
- If anyone saying they are with a financial institution calls and requests your card number, hang up and call the phone number on the back of the card. If the call was legitimate, the credit card provider will have knowledge of it.