Have you received an e–mail, text message, or telephone call, purportedly from your credit card or debit card company, alerting you to a security issue and directing you to call a telephone number to re–activate your card? This identity theft scheme is called "vishing". Many variations have been reported and the volume of attacks is rising at an alarming rate.
Vishing operates like phishing, by persuading consumers to divulge their Personally Identifiable Information (PII) through claims that an account has been suspended, deactivated, or terminated. In vishing, the identity thieves may contact you one of two ways. They may send an e-mail asking you to call a phone number attached to a VoIP account (Voice Over Internet Protocol, or Internet phone service). In other cases the scammers use an automatic dialer to call potential victims and play a recording that warns them of fraudulent credit card activity.
The recording then directs the victim to call another number and confirm their personal data. The perpetrators may already know the victim's credit card number, and may use it to increase the perception of legitimacy. They may only ask for the three–digit security code on the back of the card. The phone number used is often an 800 number with a spoofed caller ID.
For authenticity, some fraudulent e–mails point out that no credit union or bank would ever contact members or customers to obtain their PII by any means.They further warn recipients not to provide sensitive information when requested in an e–mail, or to click on embedded links that could contain malicious software aimed at capturing login credentials.
One new version involves text messages sent to cell phones claiming the recipient's on-line banking account has expired. The message instructs the recipient to renew the account by using the link provided.
At this point, common sense is your best defense. If you get a telephone call asking you to provide or confirm your personal information, immediately hang up. If you receive a suspicious automated call or e-mail directing you to a telephone number, don't use that number. Please beware; spam e-mails may actually contain malicious code (malware) which can harm your computer. Do not open unsolicited e-mail and do not click on provided links.
If you have questions concerning your account or credit or debit card, contact your financial institution using a telephone number obtained independently—from your statement, a telephone book or other reliable source.