Vishing & Other Personal Security Threats
Full-featured accounting software at an easy-to-afford price.
The July 17, 2006, issue of USTelcoms Crossroads Express stated, “The new technique has been used by criminals to collect details from credit cards, including the three-digit CVV security code, expiration date and account number. ‘Vishing’ scams usually begin when a criminal gets a cheap and easily available VoIP number and then configures an automatic dialing system to call people,” according to the GnomeREPORT.
The GnomeREPORT continued, “When the call is answered, an automated recording alerts the person that his or her credit card has been compromised and the consumer should call a phone number immediately to correct the problem. The phone number is often a toll-free number with a spoofed caller ID of a legitimate financial company.”
Phishing is still the most prevalent Internet scam, generating $929 million in losses in 2005, according to the Gartner Group. MSNBC reports that phishing has progressed into “vishing” where a phone call or the verbiage in the malicious e-mail contains a phone number to call instead of a link to click. An automated answering system is most likely to pick up your call and harvest the requested information you enter.
As more consumers have become more experienced not to click the links in unsolicited e-mails, vishing e-mails or calls have emerged. MSNBC reports that the most recent scams have targeted customers of PayPal and especially Santa Barbara Bank & Trust, using an e-mail that looked like it originated at the bank’s online customer service department.
“Their e-mail blast shows a new level of sophistication. It was targeted to people in the bank’s 805 area code. The phone number people were asked to call was also an 805 number. You’d have to be pretty suspicious not to fall for that one,” said Paul Roberts, speaking with MSNBC. Roberts is a senior editor at InfoWorld magazine.
The other factor making vishing more viable and even convincing is the fact you can easily obtain a Voice over Internet Protocol (VoIP) phone number. The required verification is minimal. Bill Rosenkrantz told MSNBC, “You can be in Russia and get a local area code number in Seattle very quickly.” Rosenkrantz is the director of consumer products at Symantec Corporation.
The lesson in all this is not to respond to unsolicited mail, especially those asking for personal information. Clicking on links or calling phone numbers found in these e-mails should be considered dangerous. Federal Trade Commission attorney Patti Ross told MSNBC, “Use your common sense. What would you do if you were on the street and someone came up to you and asked for your credit card number? You wouldn’t do that!”
Security analyst Ron O’Brien said, “It is becoming more difficult to distinguish phishing attempts from actual attempts to contact customers,” according to the Associated Press. Contacting financial and other organizations using the phone number found on your account statements or on the back of your credit cards allows you to discuss your account information safely.