Beware: First phishing, now vishing

[Narayanan R]

Beware: First phishing, now vishing

 

January 19, 2007

 

Most computer users know about "phishing" — the act of sending an e-mail to a user claiming to be a legitimate enterprise in an attempt to scam the user into giving information that will be used for identity theft and fraud.

But now there's "vishing," which is short for voice fishing.

 

This act has come into being because of the proliferation of Voice over Internet Protocol (VoIP) phones.

 

One version works online, where the con artist sends an email reporting a "security" problem with the recipient's account and urges the victim to call a telephone number to "straighten things out."

 

When the victim calls, he or she reaches an automated attendant prompting them to enter an account number, password or other private information for "security verification" purposes. Entering the number on the phone is as good as typing it into the computer.

 

Some vishers use automated dialing programs. A prerecorded message (or sometimes a live "employee") claims the victim's account has been compromised or needs updating or verification.

 

TIPS TO AVOID VISHING SCAMS:

 

1) Typical vishing e-mails imply urgency, ask you to verify account information, and may contain misspellings.

 

2) If you receive a vishing phone call, hang up. Call your bank, using the phone number on the back of your debit or credit card, and report the matter.

 

3) Banks do not use prerecorded messages to handle security issues.

 

4) Do not automatically trust a phone number based on its area code.

 

The original article is available at the following link:

http://www.crime-research.org/news/25.01.2007/2472/

Regards,

Narayanan.R

Asian School of Cyber Laws