Vishing is a relatively new term that is a combination of "voice and Phishing." In the past vishing was only over the phone, now there have been numerous reports of legitimate looking e-mails asking the user to call a 800 number related to a banking issue. When the user calls the 800 number, the recording asks them to put in information about their card and other sensitive information to "verify their account". The long and the short of this is to NEVER call the number in an email. Instead, ALWAYS look up the phone number on your account statements.
From the point of view of the attackers, vishing is essentially a three-step process. The first step is to create a script that automatically emails multiple people, like any phising attack, casting a wide net that ultimately catches a few unsuspecting customers of the bank they have spoofed. The second step involves the attackers asking for personal identification numbers and other pertinenet account information. The last step revolves around the attackers use of obtained information to steal money from the victim.
If you are a victim of vishing, write down what happened and how you first contacted and how you first noticed the fraud. Keep all paperwork that you think may be helpful in the investigation. You should immediately follow the steps below:
- Call your banking institution or any company accounts you think may have been tampered with and let them know what has happened. They should immediately flag your account and look for suspicious activity.
- Contact your local police and file a police report
The number one tip to avoid being a scam victim is to remember: a legitimate ocmpany would never ask you to provide your PIN or password over the phone or online. If you receive such a call, hand up and inform your bank right away!