By now most people have heard of phishing the scam where you receive a convincing-looking e-mail asking you to verify account information with Paypal or a bank. But when you click the link on the mail, you’re sent to a fake (but equally convincing) web site where the details you enter become the property of the scammer and you can easily find yourself the victim of identity theft.
Phishing still happens, and people still fall victim to it, unfortunately. But more and more people have become wise to the trick, so the criminals have come up with a new wrinkle. Instead of sending you a link in an e-mail, they ask you to call a phone number. It’s phishing by voice, which people have dubbed vishing.
How It WorksYou receive an e-mail purporting to be from Paypal or your bank. It tells you that your account’s been compromised and asks you to call a phone number. There’s a sense of urgency to it – the mail might say you have 48 hours to respond or your account will be suspended, for instance.
However, there have also been instances of cold calling, where you pick up the phone and receive an automated message saying there’s a problem with your account, and prompting you to enter your details.
The problem comes when you respond to either the e-mail or the phone message. You’re taken into an automated voice system that claims to belong to the bank or whoever you’re dealing with and that seems as official as anything a proper institution would use, and prompted for all the details on your account. At the end you’re thanked and disconnected. The first you know that you’ve been scammed is when money begins vanishing from your account (or extra charges appear on your account).
There have been instances in America of people receiving calls from real people to try and achieve the ads, usually claiming to be from a phone company, and offering a special discount. All they needed was some information – although, according to utility spokespeople, no one responded.
How to Avoid the ScamThe simplest way to avoid being scammed is not to respond to the e-mail or phone call. Look carefully at the e-mail – does it have your name on it? It won’t, but no real institution would send you a mail without identifying that it was for you. Likewise, no bank would use a computer call to say your account had been compromised.
Never assume something is legitimate. Even if you receive a call from a person, call them back on the number you have for your bank. Even if the calls seems to originate from a probable code – 0207, for instance – don’t believe it. With VOIP (Voice over IP), you can get a number anywhere in the world; it means nothing, and setting up an automated response system can prove to be well worth the expense.
We’ve become educated enough to doubt links in e-mails. But we still tend to accept that a phone number must make everything real. To stop being scammed, you have to be more cynical and never take anything at face value. Call the bank or institution to check on the mail, but use the number from your card or statement.
Simply put, don’t believe a word and you’ll be much safer.