What in the world is Vishing?

  • Article

Vishing, the latest in phishing attacks but over voice networks is getting some attention in the press more and more. The word vishing which is is short for "voice phishing" is a relatively new term. In this new twist, identity thieves are sending spam that warns victims that their bank account or PayPal accounts were supposedly compromised. However, unlike typical phishing emails, there is no website address in these phishing messages. Instead, the victim is urged to call a phone number to verify account details. The automated voice message says: "Welcome to account verification. Please type your 16-digit card number." The goal is to get the victim to enter their credit card number.

I have been meaning to post some comments on this topic for about a month or so but haven't got around to it. So the other day I ran across an article in USA today (https://www.usatoday.com/tech/news/internetprivacy/2006-07-12-vishing-scam_x.htm) about this, it is interesting. This is (or should be) a growing concern for Financial Services organizations. I know from a consumer perspective I am worried.

So let's frame this up and see how can we detour such behavior? Well let's look at the issue. You have criminals either sending out e-mails or setting up fake sites to get you as the consumer (i.e., victim) to call into a VOIP system. So when I look at this there is a good chance that the banks systems are not even touched. So how would the bank know that you have been vishing victim? The answer is that they would not.

 So if there are no automated ways to tell if this is happening thus essentially keeping the bank out of the loop technology has a minimal role in deterring this behavior, right? I believe this is more of a behavioral problem with consumers. The way to detour this is to keep customers up to date with the contact information on the online presence of your banks website and statements that are sent to the customers homes. Have a strong communication plan for incidents. Keep a listing of fraudulent vishing numbers and post them on the banks website.

The bottom line is technology can help facilitate this but it is up to the banks to have a communication and action plan in place.