Pretexts for vishing calls
Let's say you answer or return a call from a number that looks legitimate. The person on the other end, pretending to represent your bank, tells you some suspicious charges have been made using your debit card. They will cancel your card and issue you a new one, but first they need your PIN, your security code, and the answer to your security question for “verification.”
Another version involves a recorded call that instructs you to enter your PIN or other information to be connected to someone regarding a problem with your account. Cybersecurity reporter Brian Krebs shared the story [1] of a cybersecurity professional who was targeted by such an automated vishing attack, with a message from someone claiming to represent AT&T. No detail was spared to make the setup seem real, right down to a sound effect mimicking the telecommunication company's four-note jingle.
Other variations of vishing bait include solicitations of charitable donations (often after natural disasters), offers of free vacations and other prizes, pitches for investments and foreign lotteries, and emails telling you to call a service's number to remove a virus that has infected your computer.
- If you receive an email from a company that you do business with and they ask you to call them, never call the phone number in the email. Instead, use the customer service phone number on the company's website.
- If you receive a phone call from a particular company or organization but you did not initiate the contact, never disclose any personal information about yourself over the telephone. Real representatives of banks, retail companies, government agencies, and other organizations would not request this kind of information through an unsolicited phone call.
- Another red flag is when the caller conveys a sense of urgency, insisting you must provide the information they are requesting immediately. As soon as the caller requests personal information from you and begins to pressure you when you refuse, hang up.
- Never give out your Social Security number, passwords, account numbers, or any other personal or financial details over the phone, especially if you did not initiate the call. Exercise caution when the phone rings so you can protect your identity and your money.
How to report vishing
If you've been targeted with vishing, report the incident to the Federal Trade Commission. [2] Just select a category and use the FTC's Complaint Assistant to fill out a report online. The agency doesn't resolve individual complaints, but it will share your report with law enforcement authorities and provide information you can use to seek a remedy.