Awareness : Security Awareness Tips

Internet Scammers Using Fake Phone Numbers

Phishers, those devious and annoying scam artists who fill your inbox with schemes to steal your personal information, have devised a new approach using fake company phone numbers to relieve your concerns about clicking on links in emails.

Called vishing, it’s a new, evolved form of phishing, the method of tricking people into providing their personal, financial, and other sensitive information using fake emails and websites that mimic the look of real companies.

Vishing combines social engineering with the use of the phone system to gain access to a victim’s personal sensitive information.

Due to greater publicity about phishing and other online scams, people are much more aware of the fact that an email containing a web link could be fake and malicious. So rather than stealing user information by using a web link to a phony banking or other e-commerce site, criminals are luring victims to something seemingly more credible, such as a toll-free phone number where a recording asks for account and other sensitive information.

Consumers receive the usual convincing email that looks like a genuine alert. However, instead of being directed to a website to resolve the issue, they are given a phone number to call. The email may even warn the user to beware of clicking on fraudulent links in emails. Those who call this fake customer service number are greeted with a pirated recording of an automated voice system, ostensibly for the bank or other institution.

They are then led through a series of voice-prompted menus that may ask for credit card number, PIN code, card expiration date, date of birth, and other sensitive information. Once the victim enters these details, the visher has enough information to commit fraud or identity theft.

To protect yourself, be highly suspicious when receiving messages directing you to call and provide credit card numbers, bank account numbers and other sensitive information. Rather than provide any information, contact your bank, credit card, or other company using a known number – such as the customer service number on the back of your card – to verify the validity of the message.

Posted: July 16, 2008