-advertisement -
New scam to vatch for: vishing

If you receive an e-mail telling you to verify your bank account immediately by calling a number, watch out. You may be dialing a scammer.

It's a new twist on the phishing scam that began in 2003. In its most common form, a phishing con begins with a bogus e-mail designed to look like it came from a financial institution. It's sent out en masse, and includes a link to a fraudulent Web site designed to steal financial information. Victims click on the link, fill in their account numbers, and away go the thieves.

Law enforcement calls the new con "vishing" -- voice phishing.

It's made possible by use of voice over Internet protocol (VoIP) phones, which allow users to set up new phone numbers quickly, and those numbers can be from any area code. In some cases, fraudsters skip e-mail altogether and "cold call" consumers -- phoning at random for financial information. Some calls involve automated messages; some calls are live.

'Welcome to account verification...'
Take the case of Santa Barbara Bank and Trust customers, who recently were told in an e-mail that their online accounts had been disabled, due to unauthorized access attempts. They were given a local Southern California number to call. Those who did were prompted to provide account information.

Customers of the online money transfer service PayPal also experienced a similar attack in July, a month after the Santa Barbara scam. In an e-mail claiming that the customer's PayPal account had been compromised, victims were directed to dial an 805-area number that simply said, "Welcome to account verification. Please type your 16-digit card number."

PayPal spokeswoman Sara Bettencourt contended that PayPal would never send e-mails out to customers if accounts were compromised, nor ask them to follow a link or call a number in response to an e-mail. They would call customers if an account was compromised -- not have customers dial into an automated message that asked for credit card numbers.

Typically scammers push these e-mails out shotgun-style, hoping to hit at least some people who would find the message relevant. Bettencourt says that the names of well-known banks and companies often get targeted for this reason, as many of the people contacted likely hold accounts.

Example of a vishing attack  


Cold-call vishing
Another form of vishing skips right to the phone call. Again, masses of people are contacted randomly via an automated dialing program, also known as a war dialer. Victims who answer the phone will hear a prerecorded message claiming their account has been compromised or needs updating or verification. They are then prompted to enter in account information or credit card numbers.

In either case, anything typed into the phone gets digitally translated onto the hard drive of the scammer's computer the same way banking voice mail systems translate vocal or typed information.

Next: "If you get such a call, hang up immediately."
Page | 1 | 2 | 3 |
Freezing out ID theft
Be alert to scams targeting the elderly
Don't get hooked by these 9 scams
Video: 5 myths about going green
5 myths about going green
Video: Ways to keep produce fresh

Compare Rates
30 yr fixed mtg 4.45%
48 month new car loan 3.77%
1 yr CD 0.89%
Rates may include points
Begin with personal finance fundamentals:
Auto Loans
Credit Cards
Debt Consolidation
Home Equity
Student Loans
- advertisement -