A blog by the Brick Factory The Brick Factory

Vishing: A Scam That Doesn't Even Sound Like a Real Word

About a week ago, I wrote a blog entry on my newfound paranoia and fear of cell phone spam.  Fortunately, I have had time to relax, breathe, and find a totally new fear.  "Vishing" is a term that is the combination of the words "voice" and "phishing."  In case you are unfamiliar, phishing is basically an attempt to illegally and fraudulently acquire sensitive details, such as usernames, passwords and credit card information, by masquerading as an upright entity in an electronic communication.  Vishing takes this idea to the next level, an annoying and scary level.

By now, everyone has learned to not open email spam that contains fraudulent information or links asking for sensitive information, but people still trust the telephone.  This trust is exactly what vishing feeds upon.  Here is how this new scam works:

First, the criminal configures a war dialer to call numbers in a given region.  Sometimes, however, the criminal steals a phone list from a legitimate financial institution and uses a professional auto-dialing company, unbeknownst to them, to perform the scam.  When the person answers the call, they are generally instructed to call a number due to fraudulent charges on their account.  The criminal is crafty enough to have the caller ID show up as the same number that the message is instructing the victim to call.  This adds a layer of trust and legitimacy to an otherwise iffy phone call.

When the person calls the number, they are instructed to enter their information (such as a credit card number) on the keypad of their phone.  Once this information is obtained, the visher has all the materials necessary to use the account.  These kinds of calls sometimes request PINs, dates of birth, and other security information.

People need to think twice before offering sensitive information, especially over an automated system. Once criminals get information from you, they will not think twice about cleaning out your account.  In 2006, it was predicted that vishing would be the new ‘headache' for people in the world of scams.  Unfortunately, this has proven true, as the number of vishing victims has gradually risen in the last two years.

On some blog sites, I have read comments about the vishing problem claiming that if the everyday man or woman had more common sense, then scams like this would not happen.  I highly doubt that a lack of common sense is the problem.  Shows like The Real Hustle prove to me that not only are scam artists becoming more and more creative, but that scams are becoming increasingly hard to tell from a legitimate proposition.  Vishing is simply another one of these scams.  Once more people are aware of it, the success rate of these criminals will decrease exponentially, but until then, they are still making bank.

Unlike my advice for combating cell phone spam, there is less that I can tell you about how to protect yourself from this menace.  Since this is a new type of technology, there is not much you can do in terms of installing software or some sort of encryption method.  The best thing that you can do to protect yourself is to be suspicious of automated calls and contact your bank directly if you are asked to call a phone number in an automated message.