Upgrade to Apple Watch Series 8? National Coffee Day Fitbit Sense 2 'Hocus Pocus 2' Review Kindle Scribe Amazon Halo Rise Tesla AI Day Best Vitamins for Flu Season
Want CNET to notify you of price drops and the latest stories?
No, thank you

An introduction to vishing

Vishing refers to voice based phishing scams.

This introduction to vishing is offered in the hope that being aware of it makes you less likely to fall for a vishing based scam.

Vishing is short for voice phishing. Voice refers to the fact that the scam is perpetrated over the phone. Phishing is a scam designed to "criminally and fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity..." according to Wikipedia.

As people get less trusting (deservedly so) of email, the bad guys hope victims put more faith in phone numbers.

A recent article by Brian Krebs at WashingtonPost.com, The Anatomy of a Vishing Scam, describes a particular scam in detail and offers an education by example. In the case Brian describes, the initial contact with the victim was by text messaging to a cellphone, but it could just as well have been via email or instant messaging.

The crucial point is that just because someone or something says that a phone number belongs to a bank or credit union doesn't make it true.

In the old days, tracing a phone number to its true owner was no big deal. But now, according to Brian "the voice mail systems involved in these sorts of scams usually are run off of free or low-cost Internet-based phone networks that are difficult to trace and shut down."

The story is likely to be that something bad has happened to your bank account, or is about to happen to it, and unless you call the phone number immediately you can kiss your money good-bye. The scammer hopes the story will scare you to the point that you don't even consider the validity of the phone number.

Call your bank or credit union, but call the number in the phone book or on your statements. If it's a scam, they should appreciate the heads up. They may not, but they should.

See a summary of all my Defensive Computing postings.