Vishing starts with a phone call and could end with the victim losing money or important personal information. Phishing scams use suspicious emails to target their victims, and vishing does the same thing over the phone. Many users know to be wary of scams online; they should be just as skeptical on the phone.
The scammers often use caller ID spoofing to imitate a trusted phone number or caller. Caller ID spoofing can make the call appear to be from a financial institution or government agency. After all, people may feel like they need to pick up the phone when they see the “IRS” or the name of their bank in the caller ID.
The caller may be a real person or a robotic voice. Two common examples of vishing scams are IRS and computer support scams, though there are plenty of other vish in the sea.
IRS vishing
The scammer poses as an IRS agent and claims that the potential victim owes taxes. The scammer may insist that their call is a “final warning” or threaten to contact the police—tactics to make the victim panic. The scammer then demands immediate payment, often through a wire transfer or prepaid gift card. Scammers may put a twist on this method by warning of an IRS “lawsuit” and telling the victim to call another phone number to share personal information.
Yet another vishing strategy is claiming that the victim is owed a tax refund. Sounds great, right? It’s certainly a great way to tempt victims into spilling personal information.
One of the phishy things about these “IRS” calls is that the scammers want payment or personal information immediately. The IRS allows citizens to question or appeal the amount they owe. The IRS will not ask for credit card numbers over the phone or insist on payment through a certain method, like a wire transfer. Of course, the phishiest part of all is that the IRS only contacts people about owed taxes by letter. They do not call about tax returns.
Computer support vishing
In this case, the scammer claims to be from a software or IT company. They may tell their victim to visit a Malware-ridden webpage to “test the network”—but the real goal is to infect the user’s machine. Or the scammer may ask for the serial number of a printer or other machine. Other scammers claim that a virus infected the victim’s computer and offer to remove it—for a fee. Along with taking victims’ money, the scammers may tell them to download software that gives the scammers remote access to the computer. From there, scammers can steal or destroy the victim’s files and abuse the victim’s network connection.
Some of these scammers may rattle off a victim’s specific computer serial number. Does this mean that the caller is legitimate? No. Having this information does not prove that the caller works with a real software or IT company.
What to do
What should you do if you receive a suspicious call? Hang up the phone. The best way to determine if the call was legitimate is to visit the website of the alleged agency or company and call the official telephone number listed on the website. Only call the number that you find through official channels; do not call the one given to you by the suspicious caller.
You can also report the number to the FTC by visiting www.ftc.gov or calling (888) 382-1222. Note the number and name on your caller ID, as well as the information the caller requested.
Be suspicious of calls that tell you you need to pay money or share passwords, credit card numbers, and other personal information. Just as you should Think B4 U Click: Think B4 U Speak!