-advertisement -
New scam to vatch for: vishing
Page | 1 | 2 | 3 |

A caller ID device may even list a legitimate-looking local number. But caller ID information can't be trusted. "The phone number may not even relate to the locale of the call being made," says Ronald O'Brien, a senior security analyst with Internet security firm Sophos.

If you receive such a call, hang up immediately. Banks don't use prerecorded messages when they need to contact you for security reasons. If a problem occurred, you'd get a real person who'd say they were calling from the fraud control department, says O'Brien.

Live scammer on line 1
Unfortunately, some real people who are criminals have started calling victims. In Wisconsin, some of the telecommunications customers of TDS Telecom and AT&T have received live phone calls from scammers claiming to work for one of the companies -- sometimes claiming that AT&T had merged with TDS. Customers were told they qualify for a discount of 35 percent off their long distance accounts. All they had to do to score the discount was verify their contact information, mother's maiden name and other identifiers.

Luckily the scammers didn't get very far. According to DeAnne Boegli, manager of public relations for TDS, she knows of no one so far who has given out financial information.

While customers might receive promotional calls from the company occasionally, she said they wouldn't ask for identifying information because the company already has it on record.

Demonstrating how well live vishing calls can work, Jim Stickley, chief technology officer and "social engineer" with TraceSecurity, a security compliance software firm, has used his own version of the scam on bank workers for the past two years.

Hired by bank executives to perform security assessments, his team pilfers customers' phone numbers and e-mail addresses from unshredded papers and sticky notes thrown away by employees. He then poses as a bank employee and leaves messages on the answering machines of customers during business hours. The message would claim that while working with the customer's account, an anomaly was discovered.

He uses the e-mail addresses to send out an e-mail with a similar message and directs them to call an 800 number, even providing a bogus reference ID number to make the message appear legitimate. When someone dials the 800 number, the call forwards to his cell phone. He then asks for the reference ID number, their name, account number and Social Security number -- for "security verification purposes," no less. "They'll give you anything you want at that point," he says.

Customers then are told their account was now processing.

Asked whether the calls were generally successful, he says: "It works every time they call back."

How to protect yourself
Though most vishing scams don't use the personal approach, Stickley says you should distrust the number on the caller ID or the number left in suspicious phone messages. Caller ID systems can be hacked to say anything and VoIP providers let you assign any area code to a phone number. "Use the number on the back of your cards," he says. "If the call was legitimate, the bank would know that number, too."

Next: "Don't attempt to verify the call by asking for your account number."
Page | 1 | 2 | 3 |
Crime-fighting dumpster diver
Be alert to scams targeting the elderly
Don't get hooked by these 9 scams
Video: 5 myths about going green
5 myths about going green
Video: Ways to keep produce fresh

Compare Rates
30 yr fixed mtg 4.45%
48 month new car loan 3.77%
1 yr CD 0.89%
Rates may include points
  How much life insurance do I need?  
  Calculate your payment on any loan  
  What will it take to save for a goal?  
Begin with personal finance fundamentals:
Auto Loans
Credit Cards
Debt Consolidation
Home Equity
Student Loans
Rev up your portfolio
with these tips and tricks.
- advertisement -