An introduction to vishing

Vishing refers to voice-based phishing scams.

Michael Horowitz

Michael Horowitz wrote his first computer program in 1973 and has been a computer nerd ever since. He spent more than 20 years working in an IBM mainframe (MVS) environment. He has worked in the research and development group of a large Wall Street financial company, and has been a technical writer for a mainframe software company.

He teaches a large range of self-developed classes, the underlying theme being Defensive Computing. Michael is an independent computer consultant, working with small businesses and the self-employed. He can be heard weekly on The Personal Computer Show on WBAI.

This introduction to vishing is offered in the hope that being aware of it makes you less likely to fall for a vishing-based scam.

Vishing is short for voice phishing. Voice refers to the fact that the scam is perpetrated over the phone. Phishing is a scam designed to "criminally and fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity..." according to Wikipedia.

As people get less trusting (deservedly so) of email, the bad guys hope victims put more faith in phone numbers.

A recent article by Brian Krebs at WashingtonPost.com, "The Anatomy of a Vishing Scam," describes a particular scam in detail and offers an education by example. In the case Brian describes, the initial contact with the victim was by text message to a cellphone, but it could just as well have been via email or instant messaging.

The crucial point is that just because someone or something says that a phone number belongs to a bank or credit union doesn't make it true.

In the old days, tracing a phone number to its true owner was no big deal. But now, according to Brian, "the voice mail systems involved in these sorts of scams usually are run off of free or low-cost Internet-based phone networks that are difficult to trace and shut down."

The story is likely to be that something bad has happened to your bank account, or is about to happen to it, and unless you call the phone number immediately you can kiss your money good-bye. The scammer hopes the story will scare you to the point that you don't even consider the validity of the phone number.

Call your bank or credit union, but call the number in the phone book or on your statements. If it's a scam, they should appreciate the heads up. They may not, but they should.

See a summary of all my Defensive Computing postings.