Internet scammers are turning to the phone to craft more convincing phishing attacks in order to trick Web users who have learned not to click on links in unsolicited emails.
Vishing (Voice phishing) is the voice counterpart to phishing. Whereas phishing attacks try to lead you to counterfeit Web pages to trick you into submitting personal information, vishing attacks attempt to deceive you into revealing that same sensitive information, like your credit card details, bank account details, or social security number, over the phone.
Identity thieves typically ask potential victims to call a phone number attached to a VoIP (Voice over Internet Protocol) account. Using VoIP technology scammers can establish a number with a local area code while running their scam oceans away. In the past few years, inexpensive VoIP technology and open source callcenter software has made it cheap for scammers set up their own call centers, often employing staff who may be unaware that they are working for a criminal gang.
A scam might work like this: You get a message urging you to call your bank to reactivate your credit card or you will not be able to use it. Upon calling the phony telephone number, you are greeted with 'Welcome to the bank of...' and led through a series of voice-prompted menus that ask for account numbers, passwords, and other critical information.
You might get the initial message by email, like a traditional phishing scam, or you could be contacted over the phone. The call could either be a "live" person or a recorded message directing you to take action to protect your credit card or other financial affairs. Sometimes the criminal already has some personal information on you, creating a false sense of security. Another twist on vishing attacks involves sending the initial message as a text messages to your cell phone.
Security experts fear that vishing in the time to come could prove more effective than traditional phishing because the voice-based attacks have not yet been as widely publicized, although the U.S. Federal Bureau of Investigation (FBI) warned of an "alarming" rise in the number of vishing attacks in January 2008.
Vishing is difficult for authorities to trace, as scammers can mask the number they are calling from. And in some cases, the VoIP number belongs to a legitimate subscriber whose service is being hacked. Furthermore, vishing scams are often outsourced to other countries, which may render sovereign law enforcement powerless.
To protect yourself from vishing scams, don't reveal any personal information if someone purporting to be your credit card provider or your bank calls you up unsolicited. Hang up and contact the financial institution directly, using phone numbers included in statements or telephone books.
Also, never call a telephone number provided in an email or a text message. Call the number on the back of your credit card or on your bank statement instead.
Regards