Vishing Attacks on Increase

Criminals use social engineering to steal personal information.

by / January 18, 2008

The Internet Crime Complaint Center (IC3) has received multiple reports on different variations of a scheme known as "vishing." People receive an e-mail, text message or telephone call, purportedly from their credit card/debit card company directing them to contact a telephone number to re-activate their card due to a security issue. These attacks against U.S. financial institutions and consumers continue to rise at an alarming rate.

Vishing operates like phishing by persuading consumers to divulge their Personally Identifiable Information (PII), claiming their account was suspended, deactivated, or terminated. Recipients are directed to contact their bank via telephone number provided in the e-mail or by an automated recording. Upon calling the telephone number, the recipient is greeted with "Welcome to the bank of ..." and then asked to enter their card number in order to resolve a pending security issue.

For authenticity, some fraudulent e-mails claim the bank would never contact customers to obtain the PII by any means, including e-mail, mail and instant messenger. These e-mails further warn recipients not to provide sensitive information when requested in an e-mail and not to click on embedded links, claiming they could contain "malicious software aimed at capturing login credentials."

Spam e-mails may look authentic, but can actually contain malicious code (malware) which can harm computers. Do not open any unsolicited e-mail and do not click on any links provided.

A new version recently reported involved the sending of text messages to cell phones claiming the recipient's online bank account has expired. The message instructs the recipient to renew their on-line bank account by using the link provided.

If you have a question concerning your account or credit/debit card, you should contact your bank using a telephone number obtained independently such as from your statement, a telephone book or another independent means.

If you have received this, or a similar hoax, please file a complaint at www.ic3.gov.

Platforms & Programs