The term vishing is a combination of “voice” and phishing. Vishing exploits the public’s trust in land-line telephone services, which have traditionally terminated in physical locations, are known to the telephone company, and are associated with a bill-payer. The victim is often unaware that VoIP (Voice over Internet Protocol) allows for caller ID spoofing thus providing anonymity for the criminal caller. Vishing is attractive to criminals because VoIP service is fairly inexpensive, especially for long distance, making it cheap to make fake calls. In addition, because it’s web-based, criminals can use software programs to create phony automated customer call center service lines.
An example of a vishing scam is when a consumer receives a recorded message telling them that their credit card and/or financial institution account has been breached and to immediately call a number provided in the recorded message. The phone number provided in the message leads the consumer to a “fraudulent call center” established by the perpetrator of the fraud. The perpetrator then attempts to obtain confidential account information and login credentials in order to access the account. A twist on this scam is when the recorded message provides the address of a fraudulent website for the consumer to access (instead of a telephone number) and to provide certain information to reinstate the supposedly affected account(s).
Vishing is very hard for authorities to monitor or trace. To protect themselves, consumers are advised to be highly suspicious when receiving messages (telephone, email, or otherwise) directing them to call and provide personal, confidential, and/or account related information. Rather than provide any information, the consumer should contact their financial institution or credit card company directly to verify the validity of the message using contact information they already have in their possession (i.e. do not use contact information provided in the suspicious message).