‘Vishing’ joins phishing and pharming as identity theft method
Fraud fighters throughout the U.S. are reporting a new sophisticated method of identity theft popping up throughout the country.
As digital and often anonymous Internet calling becomes more readily available, more creative thieves have incorporated it into previous phishing schemes. The most recent schemes typically use new Voice-over-internet-protocol (VoIP) technology, in tandem with some of the previous hallmarks of ‘phishing’.
Phishing is a fraud technique in which a thief attempts to mimic or impersonate a bank or credit company through email or phony web pages, trying to solicit sensitive personal information from email recipients or unsuspecting web users.
According to an ABC News report, the research firm Gartner Inc. estimates that consumers lost $929 million in such schemes last year.
Voice Phishing – “Vishing” – goes another step further, combining a digital telephone call with the methodology of phishing, seeking to prompt the phone victim to divulge personal information – social security number, credit card number, account login, password, or other ID – either over the phone line or online to the visher.
“As we grow more sophisticated, often thieves grow more innovative,” said Kelley Weis, security officer for Sunflower Bank. “It’s still extremely important to remember – no reputable bank will ask for sensitive personal information over the phone, web, or via email. Should you have a question about a suspicious contact, email, or call, you should always contact your bank directly.”
One recent con reported in Chicago, Ill. inserted an 800 number in a mass e-mail message asking recipients to call and update their bank details. Upon calling the number, users heard a recorded voice prompting them to enter their account number using the phone’s touch pad.
Another, more sophisticated scam avoids e-mail altogether – with the criminals instead using programmed computers to dial a long list of phone numbers in the same general area and play a recorded message to anyone that answers.
The recorded message warns that a person’s credit card has been used fraudulently and asks them to enter their card number. Significantly, those responding are also asked for the security number found on the rear of the card. The scam is lent legitimacy because VoIP technology makes it easy to spoof the number appearing on caller ID.
In addition, voice callers often can lend an air of urgency or legitimacy to the contact that isn’t easily conveyed via email, and with consumers already accustomed to entering a 16-digit credit-card number to verify their identity when calling customer service at a credit-card companies, the scams often prove effective.
It is important to be vigilant and suspicious of strange telephone numbers, as well as suspicious of telemarketers who have initiated the call and attempting to ask for detailed and sensitive account information. In addition, it is best to contact the customer service solely provided on your bank, credit, or debit card or within your original account documentation.
“Believe it or not, phishing and identity theft have been around for decades,” said Weis. “As technology has evolved, so have the methods, and vishing is just the latest example. The best defense is to be aware and vigilant with personal information, and do not hesitate to contact any of your financial or credit companies with further questions.”
Sunflower Bank was founded in 1892 and is a family-owned bank with 34 locations throughout Kansas and Colorado.
Sunflower Bank now counts more than $1.3 billion in assets. Its home office is located in Salina, Kansas, with other offices located in Colby, Dodge City, Ellinwood, Great Bend, Hays, Junction City, Lawrence, Liberal, Manhattan, McPherson, Osborne, Russell, Victoria and Wichita, Kansas, and Cañon City, Monte Vista, Pueblo, Salida and South Fork, Colorado.
Sources: WPLS-7- Chicago (ABC News);
Security Threat Watch, Network Computing, Aug. 14, 2006.
