Personal Resource Center

Scam Alert: Vishing

Phone security tips
Scammers often "spoof" phone numbers that look like they're coming from a company you trust so that you'll answer their call.

Pretexts for vishing calls

Let's say you answer or return a call from a number that looks legitimate. The person on the other end, pretending to represent your bank, tells you some suspicious charges have been made using your debit card. They will cancel your card and issue you a new one, but first they need your PIN, your security code, and the answer to your security question for “verification."

Another version involves a recorded call that instructs you to enter your PIN or other information to be connected to someone regarding a problem with your account. Cybersecurity reporter Brian Krebs shared the storyof a cybersecurity professional who was targeted for such an automated vishing attack with a message from someone claiming to represent AT&T. No detail was spared to make the setup seem real, right down to a sound effect mimicking the telecommunication company's four-note jingle.

Other variations of vishing bait include solicitations of charitable donations (often after natural disasters), offers of free vacations and other prizes, pitches for investments and foreign lotteries, and emailed messages for you to call the number of a service to remove a virus that's infected your computer.

Red flags

  • If you receive an email from a company that you do business with and they ask you to call them, never call the phone number in the email. Instead, use the customer service phone number on the company's website.
  • If you receive a phone call from a particular company or organization but you did not initiate the contact, never disclose any personal information about yourself over the telephone. Real representatives of banks, retail companies, government agencies, and other organizations would not request this kind of information through an unsolicited phone call.
  • Another red flag is when the caller conveys a sense of urgency, insisting you must provide the information they are requesting immediately. As soon as the caller requests personal information from you and begins to pressure you when you refuse, hang up.
  • Never give out your Social Security number, passwords, account numbers, or any other personal or financial details over the phone, especially if you did not initiate the call. Exercise caution when the phone rings so you can protect your identity and your money.

Why working from home may put you at more risk

Many people don't tend to answer their cell phone while at work — unless it's from someone they know and they suspect it might be urgent (say, a spouse, a parent, or a child's school). And it's a common practice to let all unknown numbers go right to voicemail.

But when you move to working at home, all of this changes. Some people may begin to answer every call that comes through, even if they don't recognize the phone number. And if they think the call could have any connection to work, they continue to talk, even if they don't know the person who is calling — or don't quite understand why they're getting the call.

One way to protect yourself: If it's not a phone call from someone you know — or it's not a phone call you were specifically expecting (say, someone calling from your office to help you with your work from home setup) — hang up. If you think there's even a small chance the call may be real, first get the caller's name, their company name, and their department. Then you can either call or email them back or using information you find on a website or a company directory.

How to report vishing

If you've been targeted with vishing, report the incident to the Federal Trade Commission.2 Just select a category and use the FTC's Complaint Assistant to fill out a report online. The agency doesn't resolve individual complaints, but it will share your report with law enforcement authorities and provide information you can use to seek a remedy.

Enroll in Credit and Identity Protection Services

As a Synovus Plus, Synovus Inspire, or Synovus Private Wealth customer, you can enroll in complimentary Credit and Identity Protection services. With this service, Synovus will monitor your credit reports and notify you any time any changes are made. Synovus will also scan the web to make sure your personal information hasn't been compromised by checking websites, blogs, peer-to-peer networks. Synovus also offers full-service identity restoration if you become a victim of identity theft.

Want to know more about how you can achieve peace of mind as a Synovus customer? Get your personal code by talking with your Synovus advisor and then enroll here.

Important disclosure information

This content is general in nature and does not constitute legal, tax, accounting, financial or investment advice. You are encouraged to consult with competent legal, tax, accounting, financial or investment professionals based on your specific circumstances. We do not make any warranties as to accuracy or completeness of this information, do not endorse any third-party companies, products, or services described here, and take no liability for your use of this information.

  1. Krebs on Security, “Voice Phishing Scams Are Getting More Clever," Brian Krebs, October 18, 2018, accessed March 30, 2020. Back
  2. Federal Trade Commission, “FTC Complaint Assistant, accessed March 30, 2020. Back