Ever heard of “vishing?” If you have an e-mail account and occasionally read the technology news, you can probably guess what it is. It’s the next attempt for the pathetic, utter losers of the world who are unable to employ themselves legitimately to try and take your money away from you. What it stands for is “voice phishing.” Phishing, of course, is the practice of trolling for consumers’ personal information by sending out e-mails that inform you (usually in excruciating grammar, poor spelling and a lack of originality and imagination so profound it would make the goldfish I keep on my desk cringe in embarrassment) that there is a problem with your bank account or credit card and that you must “update your information.” The phisher’s goal, of course, is to try to get you to reveal your social security number, bank account information, PIN numbers, passwords or any other personal information that can be used to raise cash that will allow the scammer to buy more hair gel, Ring-Dings and glamorous, one-of-a-kind collector plates from QVC to hang on the walls of the kitchen.
The first phishing scams purported to come from established (and credit-card- or bank account-linked) sites such as PayPal and eBay (
News -
Alert). The trollers still make the attempt to craft e-mails that purportedly originate from these two organizations, but now they’ve moved onto banks. The spammers with more than three but less than a dozen brain cells began by using national banks: Citibank and Washington Mutual. Probably a large chunk of the U.S. populace has some connection with either of these institutions: a credit card, a checking account, a car loan or student loan or a mortgage.
But then, the spammers from the scrapings at the bottom of the spam bucket got involved, and began trying to inform me, for example, that I had to update my account at the Pocatello, Idaho Trust Savings Bank. Many consumers wised up at this point. (“But I’ve never even BEEN to Idaho, and I’ve never HEARD of Pocatallo.”) Ninety-nine percent of e-mail users either get rid of this kind of drivel with their spam catchers, or they delete them with little conscious thought.
Faced with the prospect of not being able to pay for those genuine imitation pink silk sheets with adorable panda appliqués they bought from the “Trashy Fripperies” decorating catalog, the spammers have tried a new avenue: using the telephone. Vishing was born.
These re-styled criminals, who are at least as smart as the squirrels on your bird feeder, set up a kind of rudimentary IVR. They count on people not answering the phone. The point is to leave a voice mail for you, announcing that “In an effort to increase the security of our services for our customers, we are asking all account holders to please verify their identities and account numbers by contacting this automated, secure customer service hotline.” The slightly-brighter-than-normal vishers supply a phone number with an area code that matches the target individual’s area code, making the scam seem more legitimate. Alternatively, the voice may inform you that your credit card is showing fraudulent activity. The point is to hope you’ll panic and discard your better judgment.
Upon contacting the phone number, the victim is asked to enter his or her account number and password via touch-tone. This scam has become relatively easy to set up with the advent of VoIP telephone service. A VoIP telephone line can be easily spoofed to seem legitimate, plus it can be set up and taken down very quickly, allowing the scammer to collect information and quickly erase his trail before he begins again with a new number and a new pool of potential victims.
What can you do? Be wary, and use common sense. If your bank were really calling you, they would refer to you by name, not “Dear Customer.” Even if you think the call might be legitimate, do not call the number the message provides. Call your bank and ask them if there's a problem with your account. Never give anyone, whether via telephone or e-mail, your credit card number, social security number or financial account information.
Chances are, if you’re reading TMCnet, you’re tech-savvy. You’ve seen the spam and the scams and know how to spot them. What’s more important, then, is to help the people in your life who find operating the toaster too technologically complicated to understand what to look for and which buttons not to push. Also, take a few moments to talk to elderly friends and relatives who you may have believed to be safe from phishing since they don’t have computers or don’t use e-mail.
Vishing has been specifically designed to build a new target pool of victims. Do your part to put them out of business.
Find Solutions for Enterprises, SMBs & Service Providers at the INTERNET TELEPHONY Conference and EXPO West, September 16-18, 2008. Los Angeles, California.
