About Us Contact Us
The Ohio Educational Credit Union
News & Scholarships Savings Services Loan Services Convenience Services Membership & Packages
  News & Scholarships
Home
e-22nd Street Online Banking
 
News
Newsletters
Annual Report
 

SMiShing | ViSHing | Children targeted for identity theft | Phishing | SaSS -- GSNEO | Cake Auction
"ViSHing" Scams

Using computer phone technology for identity theft.

"ViSHing," similar to "PhiSHing" scams, rely on Internet telephone calls rather than email to steal consumer's identities. ViSHing is typically used to steal credit card numbers or other personal information used in identity theft schemes.

Most consumers now know better than to click on e-mail links from unknown senders, so "ViSHers" are dropping links for phone numbers. To make requests appear legitimate, spoofed e-mail headers and camouflaged Caller ID information is used.

Victims report receiving either an e-mail that appeared to originate from their institution, or a phone call claiming that their account had experienced fraudulent activity and required immediate attention. When the supplied number is called, an automated system, much like legitimate customer service systems, instructes the unsuspecting victims to enter their account number in order to be connected to a customer service representative.

What sets "ViSHing" apart from run-of-the-mill Phishing is the use of Voice over Internet Protocoal (VoIP) and computers to execute the attacks. War dialers sequentially call numbers in a given region, to pull in the maximum number of potential victim in a selected area.

"ViSHing" exploits the public's trust in landline telephone services, which traditionally terminate in a physical location known to the telephone company, and associated with a business or individual. The victim is often unaware that VoIP allows for caller ID spoofing, inexpensive, complex automated systems and anonymity for the systems user.

Common sense is the best form of defense with any type of scam.

If contacted by a company you do business with and you're asked for your personal information, thank them for alerting you to the problem and hang up. Then call the customer service number listed on the back of your credit card or on other verifiably genuine correspondence.

If there is an actual problem, it can then easily be resolved, however if you were targeted in a "ViSHing" attempt, your information will stay secure and the institution being spoofed will now be aware that their customers are being scammed.

   "ViSHing" Scams Using computer phone technology for identity theft.

Loss Prevention Recommendations

  • Don't display your phone number or e-mail address in public. Including newsgroups, chat rooms, Web sites, or membership directories.
  • Call the customer service number listed on the back of your credit card or on other verifiably genuine correspondence.
  • Check the privacy policy when submitting your wireless phone number or e-mail address to any Website. Find out if the policy allows the company to sell your information.
  • Do not, under any circumstances, provide personal information to unknown sources.
  • Before submitting financial information
    through a website, look for the "lock" icon on
    the browser's status bar.
  • Review credit card and other account statements as soon as you receive them to determine whether there are any unauthorized transactions.
  • If a statement is late by more than a couple of days, call the credit card company or credit union to confirm your billing address and account balances.
  • Report suspicious activity to the FTC.
  • Send the actual spam/phish to www.ftc.gov.
  • If you believe you are a victim of identity theft, file a complaint at www.ftc.gov and visit the FTC's Identity Theft Website (www.ftc.gov/idtheft) to learn how to minimize your risk of damage from the identity theft.
  • If you suspect you're a victim of identity theft, place a "Fraud Alert" on credit bureau records.