Do not Fall Victim to "Vishing"
Online Thieves can also use your phone to steal from you
By Jon Aldrich
Ted received a call the other day. His caller ID read "Social Security Administration". He figures he better take this call, since it is from Social Security and must be important. The caller on the line is friendly and says there is a problem with his bank account information, and that if Ted does not want to miss his next check, they need to verify his bank account information. Ted surely does not want to miss his next check and gives the caller this information because the caller ID showed this really must be the Social Security office calling. The next day, Ted tries to use his debit card to buy some groceries, but gets denied because his bank balance is $0, it has been cleaned out by the crooks that called him yesterday claiming to be from Social Security. True, he may not be on the hook for the total loss, but it still takes time and frustration to get things remedied.
We have probably all heard of “phishing” as a way for computer hackers to scam unwitting victims into divulging their online credentials so that they can hack into their bank or other accounts. But are you keeping vigilant to not be a victim of a “vishing” attack?
"Vishing" is essentially a phishing attack carried out over the phone. The term “vishing” is a combination of the words "voice and phishing" The perpetrator may call using a "spoofed" number that appears to be from a legitimate financial institution or business, and say that they want to confirm some recent suspicious activity on your account such as a debit or credit card. It can also take the form of a text message to your cell phone. The call could also appear to originate from organizations other than banks and credit card companies and include charitable organizations, debt collectors and healthcare providers.
This is not really a new phenomenon and has been around for years, but it might not be as well known to the general public as much as online "phishing" attempts.
Often times the phony callers may provide information about the victim that appears to be legitimate such as an e-mail address or some other type of information they may have obtained off the dark web or a database of stolen information from a hack such as the Equifax breach a couple of years ago. Sometimes the callers may claim to be from the IRS or Social Security and demand this type of information. Remember the IRS or Social Security Administration will never call you looking to verify account or personal information. In some cases the callers may combine tactics by sending a text and then making a phone call.
What Can You Do to not be a “Vishing” victim?
- Never give out personal information such as a debit card PIN or login or account information to anyone that calls, even if it really appears to be legitimate. Of course, you already know not to do this via e-mail.
- Don't answer calls from unknown numbers. If it is important, they will leave a message.
- Remember that a legitimate business will never make an unsolicited request for personal, sensitive or financial information.
- Always be skeptical. Even if your caller ID shows the name of your bank or other company, remember that this can be "spoofed" to make it look like a legitimate number. This is easy for hackers to do and is actually pretty easy for anyone to do.
What Other Things Should I Be Doing to Protect my Identity?
- Regularly change login credentials for all financial, retail and email accounts. Or use a password manager such as LastPass or Roboform or other program to make this much easier and provide much more secure passwords.
- Run virus and malware scans on all your computers. A program such as Malwarebytes is a good, reasonably priced program to consider.
- Add security features such as two-factor authorization, where you get a code texted to your phone to use to complete the login process.
- If you haven't frozen your credit accounts, consider doing so (see here for how to do). At a minimum consider a credit monitoring service often times these are offered free with your credit card or organizations such as AAA, or you can purchase one from one of the credit monitoring services out there.
- Consider setting up other activity alerts for additional monitoring. I have alerts set up so that I get texted anytime there is over a $10 charge on one of my credit cards. It is also a good way to see how much my kids or wife might be spending and make sure they are not off doing crazy things.
- Get on the Do Not Call Register or call the FTC directly @ 1-888-382-1222
- If you do get a suspicious call that you believe is a “vishing” attempt or a scam of some sort, report these suspicious phone numbers to the FTC (not sure what they can do, but worth a try). You can report at either 1-877-FTC-HELP or visit ftc.gov/complaint
These days we have a lot of things to worry about. Don’t let “Vishing” be one of them. It is pretty easy to avoid being a victim of this scam, so just be on guard.