What is "Vishing"?

Vishing Scams Use Phones Instead of Fake Websites

In a new twist, identity thieves are sending spam that warns victims that their credit union/bank account or PayPal accounts were supposedly compromised. However, unlike typical phishing emails, there is no website address in these phishing messages. Instead, the victim is urged to call a phone number to verify account details.

The automated voice message says: "Welcome to account verification. Please type your 16-digit card number." The goal is to get the victim to enter their credit card number. In these reported scams, no mention of the credit union, bank or PayPal is made.

Security experts tracking this scam and other instances of "vishing", short for "voice phishing", maintain that these frauds are particularly despicable because they imitate the legitimate ways people interact with financial institutions. In fact, some vishing attacks do not begin with an e-mail. Some come as calls out of the blue, in which the caller already knows the recipient's credit card number. This increases the perception of legitimacy and the caller only asks for the valuable three-digit security code on the back of the card.
Vishing appears to be prospering with the help of Voice over Internet Protocol, or VoIP, the technology that enables cheap and anonymous Internet calling, as well as the ease with which caller ID boxes can be tricked into displaying erroneous information.

HOW TO PREVENT LOSS:

• Never call a number you receive from a spam email, and certainly do not enter in any private information if you make a mistake and do call. If you want to call your financial institution, use the normal phone number you regularly use, not the phone number you get in an e-mail.
• Remember that your credit union will NEVER solicit personal/private information via e-mail.
• Never click on the link provided in an e-mail you believe is fraudulent.
• Do not open an attachment to an unsolicited e-mail unless you have verified the source.
• Do not be intimidated by an e-mail or caller who suggest dire consequences if you do not immediately provide or verify information.
• If you believe the contact is legitimate, go to the company's website by typing in the site address directly or using a page you have previously book marked, instead of a link provided in the e-mail.
• Use the FTC (Federal Trade Commission) website, www.onguardonline.gov. You can take interactive quizzes designed to educate you on identity theft, phishing, spam and online-shopping scams. You will also find detailed guidance on how to monitor your credit history, use effective passwords and recover from identity theft.

If you are a victim of a "phishing or vishing e-mail," feel free to contact us at (989) or (800) 835-7794. You may also wish to take appropriate steps to protect yourself by cancelling your compromised credit/debit cards, reporting the incident to the credit bureaus, or by ordering a copy of your credit report from any or all of the following:

• Equifax: 1-800-525-6285; www.equifax.com
• Experian: 1-888-397-3742; www.experian.com/fraud
• TransUnion: 1-800-680-7289; www.transunion.com