Vishing: It’s Not a Typo…

...But it could be a costly mistake!

Your phone rings.
Your caller ID says it's your bank so you answer it.
A recorded voice tells you your card has been suspended because it has been accessed by a third party.
You are asked to "Press 1 now" to be transferred to the bank's security department.

You assume it's your bank calling about the credit card account you know you have with them.
The call sounds urgent, so you press 1. They then ask you to enter your card number and PIN.
"Okay," you tell yourself, "They probably need to know who I am to help me." So you punch in the numbers...

Congratulations - You've just been vished! (Unfortunately, that's not an accomplishment worth celebrating.)

Vishing is all the rage among identity thieves these days. The name derives from "phishing," the email-based method hackers use to collect your identity data. The weapon of choice in this variation on the crime is a voice (hence the "V") on the other end of a telephone call, typically from someone who identifies themselves as a company you do business with regularly. They want to appear trustworthy, someone to whom you think you can extend the benefit of the doubt.

It can happen to businesses, too. Wendy's, the quick-service hamburger company, was once "vishtimized" when thieves called and claimed to be technical support representatives from the company that serviced their point-of-sale systems. The thieves' goal was to gain remote access to the system and install malware that enabled them to collect customer credit card information with every swipe.

How significant is the problem? Vishers stole nearly $1 billion worldwide in 2015. According to Interpol, that represents a doubling of losses from the year before.

Sometimes the calls are made in person rather than using a recorded message, but all of the vishing attempts rely on creating a sense of urgency. The thieves have the ability to control your caller ID with a technique called "spoofing" that makes it look like the call is coming from the business you know. If you hangup and call the business to find out if they actually contacted you, some vishers can automatically reroute your call to them.

If anyone calls you and asks you to give out  your personal credit card information over the phone, hang up immediately. If you have not registered on the National Do Not Call registry, go to donotcall.gov and register. Vishers may still use your number, but if you're registered and get a call anyway, you can be relatively sure that you're not dealing with a legitimate company.

You can use the customer service number from the company involved to report a vishing incident or contact the Federal Trade Commission at ftc.gov or (888) 382-1222.