Are You Ready for Vishing?

SCENARIO/METHOD: Vishing Scams Use Phones Instead of Fake Websites

In a new twist, identity thieves are sending spam that warns victims that their credit union/bank account or PayPal accounts were supposedly compromised. However, unlike typical phishing emails, there is no website address in these phishing messages. Instead, the victim is urged to call a phone number to verify account details.

The automated voice message says: "Welcome to account verification. Please type your 16-digit card number."  The goal is to get the victim to enter their credit card number. In these reported scams, no mention of the credit union, bank or PayPal is made.

Security experts tracking this scam and other instances of "vishing" , short for "voice phishing",  say the frauds are particularly despicable because they imitate the legitimate ways people interact with financial institutions.  In fact, some vishing attacks don't begin with an e-mail. Some come as calls out of the blue, in which the caller already knows the recipient's credit card number. This increases the perception of legitimacy, the caller ask for the valuable three-digit security code on the back of the card.

Vishing appears to be prospering with the help of Voice over Internet Protocol, or VoIP, the technology that enables cheap and anonymous Internet calling, as well as the ease with which caller ID boxes can be tricked into displaying erroneous information.

LOSS PREVENTION RECOMMENDATIONS :

Be educated on “Phishing” and "Vishing"

• Old Hickory Credit Union will never solicit personal/private information via e-mail.
   
• Never click on the link provided in an e-mail you believe is fraudulent.
   
• Do not open an attachment to an unsolicited e-mail unless you have verified the source.
   
• Do not be intimidated by an e-mail or caller who suggest dire consequences if you do not immediately provide or verify information.
   
• If you believe the contact is legitimate, go to the Old Hickory Credit Union's website (www.ohcu.org) by typing in the site address directly or using a page you have previously book marked, instead of a link provided in the e-mail.
   
• Use the FTC (Federal Trade Commission) website, http://www.onguardonline.gov/. You can take interactive quizzes designed to enlighten them about identity theft, phishing, spam and online-shopping scams. Elsewhere on the site, you can find detailed guidance on how to monitor their credit histories, use effective passwords and recover from identity theft.

If you are a victim of a "phishing e-mail" take appropriate steps to help protect yourself.

• Block and reissue the compromised credit/debit cards.
   
• Report to credit bureau.
   
• Order credit report.