Be Advised, Vishing Loves Tax Season
You have probably heard of phishing, the use of electronic communication, such as email, to attempt to acquire sensitive information like usernames, passwords, and credit card details in order to use them for malicious reasons. So, what in the world is vishing? Vishing, or voice phishing, is essentially the same ploy, but the scammer uses the telephone instead of email.
During tax and holiday seasons, vishing is the second most rewarding way for attackers to gather personal financial information from unsuspecting victims.
How Does It Work?
As a social engineering scam, it relies heavily on human interaction that involves tricking people into breaking their normal security procedures and giving their confidential financial information to the scammer.
First, the scammer gains a list of telephone numbers from a breached database that typically has other information as well, such as first and last name, maybe your email, or even your home address. Then, they set up their systems to start randomly calling these phone numbers. When someone answers the phone a voice recognition system, like a computer or robot, answers and typically uses scare tactics to get you to call a different number. A popular scare tactic is “something has happened to [someone you know], please call this number immediately to help them out.” When you call that number, a live person will answer and will use a very sophisticated approach of social engineering to try to obtain your credit card number or bank account information.
How Do You Protect Yourself from These Types of Scams?
A lot of time and effort is put into planning these vishing scams in order to sound authentic, and it could be easy for anyone who is not aware to be fooled. A financial institution, like a bank, will never call and ask you for any of your financial information. Your bank already knows your bank account and credit card numbers; they do not need you to provide them with that information. If they have a problem with an account or loan, they will send you notice through regular postal mail, and then they wait for you to contact them about the issue.
An exception to this is a collection call. If you default on a payment, there will be collection agencies trying to contact you for payment through the phone. There are ways to help uncover if this debt collector is legitimate. Always ask what that debt is from; legally they have to answer, if they refuse then something is wrong. A real collector should be able to provide you with their name, company name, address, and phone number. Also, within 5 days of that phone call from the collector, you should receive a letter in the mail confirming the debt, which will also include the collection agencies company information. Find more ways to know if a debt collector is legitimate from Bankrate.
No matter who calls, never give out your account information or confirm that information. Be diligent during tax or holiday season, as the scams get more sophisticated all the time. Always question when you receive a call that you’re not expecting.
What Should You Do if You Realize You Have Just Been Scammed?
Most people realize they are being scammed when it’s too late, after they have already provided the scammers with their financial information. If this happens to you, call your financial institution immediately and let them know what happened. They will put a stop on those charges for your bank account or credit card, and then they will help you change those numbers.