Learn

Personal Resource Center

Scam alert: Vishing

What is vishing
global
Scammers often "spoof" phone numbers that look like they're coming from a company you trust so that you'll answer their call.

Pretexts for vishing calls

Let's say you answer or return a call from a number that looks legitimate. The person on the other end, pretending to represent your bank, tells you some suspicious charges have been made using your debit card. They will cancel your card and issue you a new one, but first they need your PIN, your security code, and the answer to your security question for “verification."

Another version involves a recorded call that instructs you to enter your PIN or other information to be connected to someone regarding a problem with your account. Cybersecurity reporter Brian Krebs shared the storyof a cybersecurity professional who was targeted for such an automated vishing attack with a message from someone claiming to represent AT&T. No detail was spared to make the setup seem real, right down to a sound effect mimicking the telecommunication company's four-note jingle.

Other variations of vishing bait include solicitations of charitable donations (often after natural disasters), offers of free vacations and other prizes, pitches for investments and foreign lotteries, and emailed messages for you to call the number of a service to remove a virus that's infected your computer.

Red flags

  • If you receive an email from a company that you do business with and they ask you to call them, never call the phone number in the email. Instead, use the customer service phone number on the company's website.
  • If you receive a phone call from a particular company or organization but you did not initiate the contact, never disclose any personal information about yourself over the telephone. Real representatives of banks, retail companies, government agencies, and other organizations would not request this kind of information through an unsolicited phone call.
  • Another red flag is when the caller conveys a sense of urgency, insisting you must provide the information they are requesting immediately. As soon as the caller requests personal information from you and begins to pressure you when you refuse, hang up.
  • Never give out your Social Security number, passwords, account numbers, or any other personal or financial details over the phone, especially if you did not initiate the call. Exercise caution when the phone rings so you can protect your identity and your money.

How to report vishing

If you've been targeted with vishing, report the incident to the Federal Trade Commission.2 Just select a category and use the FTC's Complaint Assistant to fill out a report online. The agency doesn't resolve individual complaints, but it will share your report with law enforcement authorities and provide information you can use to seek a remedy.

Important Disclosure Information

This content is general in nature and does not constitute legal, tax, accounting, financial or investment advice. You are encouraged to consult with competent legal, tax, accounting, financial or investment professionals based on your specific circumstances. We do not make any warranties as to accuracy or completeness of this information, do not endorse any third-party companies, products, or services described here, and take no liability for your use of this information.

  1. Krebs on Security, “Voice Phishing Scams Are Getting More Clever," Brian Krebs, October 18, 2018, accessed November 4, 2018. Back
  2. Federal Trade Commission, “FTC Complaint Assistant, accessed November 6, 2018. Back