Skip to content


Vishing Season


I won your auction for your Dell Inspiron 6000 and tried to pay you through PayPal but the payment would not go through. Please send me your PayPal information so I can pay you asap!

Most of us are wise to such email phishing scams. Not getting enough bites using old-school phish bait, new-school scammers are turning to vishing.
When scammers spoof a trusted email address, such as eBay or your bank to gain your private account information, the scam is called Phishing.The scammers typically state that someone has possibly gotten into your secure account. To confirm that your account is still safe, the scammer, posing as a trusted source, demands that you check your account. For your convenience, the scammer provides you with a link to the trusted website. The website associated with the link, however, is a link to a website the scammer mocked up to look like the trusted website. When you type your login information, the information goes right to the scammer who then uses the information to wreak havoc on your account.

Vishing is similar, but it involves your phone. Standard vishing involves an email directing you to call a phone number to discuss fraudulent activity on your account. Sometimes the scam initiates with a phone call, but people are generally more wary of someone who calls them, as opposed to someone they call themselves. In either case, the caller gives you a little publicly available information about your account and then requests that you provide some confidential information in return to confirm you are the owner of the account. Once the scammer has your private information, they can use it to make purchases on your credit card, drain your bank account or steal your identity.

A new wave of vishing scams are sweeping the country. Companies like telespoof offer the ability to spoof your phone number. Salesmen, debt collectors and private investigators all use this technique to speak to people who would not otherwise pick up the phone. More evil-minded individuals have, in some cases, used this technique to access the phone mail of others or redirect their calls. Most commonly, scammers use phone spoofing to extract confidential information from people. While very few people will give confidential information to someone who comes up on the caller ID as Caller Unknown many more would be inclined to give bank information to a call that came up on the caller ID as the name of the person’s bank.

To aid in the ruse, the scammer typically again offers you some commonly available information about your account. The scammer then mentions there is possibly a problem with your account, but states that before he/she can discuss the matter further, he/she needs you to provide a password, social security number, or other confidential information. Relying on the caller ID, you give the information to the scammer who then uses the information to convert your life savings to his/her ends.

Voice over IP (VOIP) systems are even more vulnerable to security intrusions and the types of viruses that affect email and internet browsers. VOIP is also more susceptible to interception and manipulation than standard landline calls. Scammers can also use VOIP directly. SPIT, or spam over internet telephony is just around the corner. SPIT involves transmitting millions of phone calls over the internet for little or no money. Security measures are being implemented to prevent these abuses, but the scammers have to stay one step ahead of the controls to survive.

Although there are no federal laws specifically addressing these activities, they generally constitute fraudulent practices under most state laws. While some state laws may provide a private cause of action, your best bet is to avoid the problem altogether. How do you protect yourself? Here are some simple steps to avoid falling prey to any type of phishing/vishing scams:

1) Never give any confidential information to anyone initiating the call. If you must provide them with confidential information, you initiate the call to a number you verified yourself, not the number they gave you.
2) Never visit a website identified in an email. If you must visit the website, type the uniform resource locator in yourself, do not rely on the website information they provide you. Scammers can make their website look like anything.
3) Never respond to unsolicited phone calls or emails. The more you speak to them, the more likely they are to call you again or sell your name to another scammer.

If you have been involved in a phishing/vishing scam, contact an experienced internet attorney to discuss your options. While it is unlikely you will be able to recover your money, you may be able to reduce the likelihood of a recurrence.

Other Related Topics:
, , , ,

Posted in Internet Law. Tagged with .