If you receive an e-mail telling you to verify your bank account immediately by calling a number, watch out. You may be dialing a scammer.
It's a twist on the phishing scams that began in 2003. In the most common form, a phishing con begins with a bogus e-mail designed to look like it came from a financial institution. It's sent out en masse and includes a link to a fraudulent Web site designed to steal financial information. Victims click on the link and fill in their account numbers, and away go the thieves.
Law enforcement calls the new con "vishing" -- voice phishing.
It's made possible by use of voice-over-Internet-protocol (VoIP) phones, which allow users to set up new phone numbers quickly with any area code. In some cases, fraudsters skip e-mail altogether and "cold call" consumers -- phoning at random for financial information. Some calls involve automated messages; some calls are live.
'Welcome to account verification'
Take the case of Santa Barbara Bank and Trust customers, who were told in an e-mail that their online accounts had been disabled due to unauthorized access attempts. They were given a local California number to call. Those who did were prompted to provide account information.
Customers of the online money-transfer service PayPal experienced a similar attack a month after the Santa Barbara scam. In an e-mail claiming that the customer's PayPal account had been compromised, victims were directed to dial an 805-area-code number that simply said: "Welcome to account verification. Please type your 16-digit card number."
PayPal spokeswoman Sara Bettencourt says PayPal would never send e-mails to customers if accounts were compromised, nor ask them to follow a link or call a number in response to an e-mail. They would call customers if an account was compromised, not have customers dial into an automated message that asked for credit card numbers.
Typically scammers push these e-mails out shotgun-style, hoping to hit at least some people who would find the message relevant. Bettencourt says that the names of well-known banks and companies often get targeted for this reason, as many of the people contacted likely hold accounts.
Cold-call vishing
Another form of vishing skips right to the phone call. Again, masses of people are contacted randomly via an automated dialing program, also known as a war dialer. Victims who answer the phone will hear a recorded message claiming their account has been compromised or needs updating or verification. They are then prompted to enter account information or credit card numbers.
In either case, anything typed into the phone gets digitally translated onto the hard drive of the scammer's computer the same way banking voice-mail systems translate vocal or typed information.
A caller ID device may even list a legitimate-looking local number. But caller ID information can't be trusted. "The phone number may not even relate to the locale of the call being made," says Ronald O'Brien, a senior security analyst with Internet security firm Sophos.
If you receive such a call, hang up immediately. Banks don't use recorded messages when they need to contact you for security reasons. If a problem occurred, you'd get a real person who'd say he or she was calling from the fraud-control department, O'Brien says.