Voice phishing, sometimes referred to as 'vishing', is when fraudsters phone their victims and pose as authority figures like bank officials or service providers. They manipulate their targets into disclosing confidential and sensitive information (such as ID numbers, PIN numbers, passwords, etc.) and then use this information to commit fraud.
Vishing works like a phishing email, but is carried out over the phone. A fraudster could use both these techniques in combination.
Don’t underestimate something as seemingly harmless as a phone call
How it works
Technology has made it easy for fraudsters to place phone calls through the internet, which makes it nearly impossible to trace the number back and catch these fraudsters.
The voice is a robot
Vishing attacks rely heavily on software that allows the fraudsters to robo-dial numerous people at once. When you answer, you’ll get a machine. Part of their social engineering tactic is to pick a number that will look familiar to you. Hang up immediately.
The voice is a real person
Sometimes, there will be a person on the other end of the line. Most of us simply aren’t cynical enough to suspect someone who is calling us, and has personal information about us, to be anything but genuine.
The fraudster will often create a sense of urgency. For example, he/she might pretend to be someone from Visa who tells you of suspicious activity on your card - you need to act right away to stop it.
In this case, ask the caller for specific information that someone in his/her position should have.
They’re calling from Visa? What are the last four digits of your number?
It’s your bank? What’s your account number?
However, even if the fraudster has this information, it could also mean that he/she went out of his/her way to collect information on you and believes that you’re a good victim.
Latest vishing scam - Unclaimed rewards
You receive a phone call from your ‘bank’ to inform you of your unclaimed rewards. To claim your rewards, you must be authenticated and this involves sending a one time PIN to your cellphone. The fraudster will ask you to tell them what this PIN is.
What’s really happening? The fraudster has your credit card details and is trying to make an online purchase. All he/she needs is your one time PIN to complete the transaction.
He/she also might have your online banking details and require you to click on ‘Accept’ or ‘Press 1’ to confirm it’s you. In reality, you’re authorising fraudulent online transactions on your account.
Four things you can do
- Tell the caller that you can’t talk right now and will call back in a minute. Then directly call the company he/she is claiming to be from and enquire about this call
- Never give anyone a one time PIN over the phone
- Never click on ‘Accept’ or ‘Press 1’ if you are not logged into your online banking
- Contact the 24/7 global Client Support Centre immediately if you think that your personal information was compromised in any way