Vishing Attacks -- Scam that combines Phishing with a Telephone call
This social engineering scheme goes even a step further than phishing in trying to create a means to steal credit card, bank account, or other information. When it comes to any email message requesting any unusual actions or sensitive information, never take action, as banks and most companies don't operate in that manner. The following is more information on Vishing from an email message I received today.
QUOTE: Experts are warning against the latest Internet scam: "vishing.”
Vishing, or voice phishing, occurs when a scammer sends you an e-mail hoping to get victims to telephone a voice mail box to disclose sensitive financial and personal information.
Many computer users are already aware of so-called "phishing e-mails" linking to counterfeit Web sites that ask computer users to enter account numbers or other personal information.
Many of these scam e-mails look like they were sent from companies like American Express, Bank of America, and other major companies, informing customers they need to update their records.
When they do so, the customer unwittingly provides some criminal enterprise their most sensitive financial and personal information.
Already such phishing scams cost consumers an estimated $929 million. However, new tools – including software that helps locate phony Web sites – have made the scam more difficult to pull off. But the new "vishing" scam gets around computer safeguards by using the telephone instead.
In a typical case of vishing, customers of a California bank received e-mails informing them that their online banking accounts had been disabled because the bank detected unauthorized access, according to The Wall Street Journal.
The customers were told to dial a telephone number with a local area code, where an automated voice asked them to enter their account numbers, personal-access codes, and other information.
Armed with that data, vishing scammers could access the online accounts and transfer money, or make fraudulent purchases with a stolen credit card number.
These schemes are made possible by Internet telephone services, "which allow computer users to quickly establish phone numbers, often without undergoing some of the verification checks used by traditional telephone companies,” the Journal reports.
"Also, Internet phone companies dole out numbers with a choice of area code, regardless of where in the country – or world – the user is located, which makes it difficult to locate the scammers.”
What’s more, automated voice prompts have become common on customer service lines, "and many people have become accustomed to keying in their account information and other details before being able to speak to a representative,” Adam O’Donnell, a senior research scientist at the online security firm Cloudmark Inc., told the Journal.
The bottom line: Experts stress that customers should never turn over private information based on an e-mail request.