What is Vishing?
Vishing (a combination of the words Voice and Phishing) is a phone scam in which fraudsters target individuals by phone and use “social engineering” to trick the victim into divulging personal, financial or security information.
Vishing involves a fraudster phoning a potential victim, claiming to be someone from a bank, card company, the Gardaí or a service provider such as a telephone company or internet provider. Social engineering in this context means that they use tactics to trick the victim into believing that they are a legitimate and trusted representative of the organisation they claim to be from and that it is in the victim’s interest to give them their personal information.
The information they request can include personal, financial and security information such as debit or credit card details, PIN number, online banking details, password and personal details such as name, address and date of birth. This information is then used to access the victim’s bank account or carry out transactions with their card.
Variations of Vishing
In some cases the fraudster may persuade the individual to carry out a money transfer from their account or to carry out a procedure on their PC or laptop in order to “fix a problem”. In order to “fix the problem” they request the individual’s card number or in other cases, talk the victim through a process that downloads malware on to their electronic device.
Another variation on this type of fraud is known as “courier fraud”. The fraudster makes contact with the victim by phone, advising them that something is wrong with their card and asking for personal information in relation to the card. They then advise the cardholder that they will send a courier to collect the card.
There have also been cases where the fraudster encourages the victim to check the validity of their identity or to make an immediate report to the police. When the victim hangs up, the fraudster holds the line open (by not hanging up). When the victim picks up the phone again to ring the genuine company or the Gardaí, they do not realise that they are still talking to the fraudster.
How to avoid a Vishing attack
- Never disclose your 4-digit PIN number or your online banking User IDs, passwords or PIN to anyone.
- Be wary of any unsolicited phone contact. Never divulge personal information until you have validated that the caller is a genuine representative of the organisation they claim to represent. You can do this as follows:
  - Take the caller’s number and advise them that you will call them back once you have validated their identity.
  - Look up the organisation’s phone number (by using the phone book or their website) and make contact directly with them to validate the caller.
  - Do not validate the caller using a phone number they have given you (this could be a fake number).
- If the caller is genuine, they will understand and welcome your need to validate their identity.
- Fraudsters may already have basic information about you in their possession (e.g. name, address, account details). Do not assume a caller is genuine because they have these details or because they claim to represent a legitimate organisation.
- Remember that it takes two people to terminate a phone call. You can use a different phone line to independently check the caller’s identity if you feel safe.
Your bank or the Gardaí will never:
- Ask for your credit or debit card’s 4-digit PIN.
- Request you withdraw money to hand over to them or transfer money to another account, even if they say it is in your name.
- Come to your home to collect your cash, payment card or cheque book.
- Ask you to purchase goods using your card and then hand them over for safe keeping.