'Vishing' scams attempt to gain personal information
Are you one of many who have received an e-mail, text message, or telephone call, purportedly from your credit card/debit card company directing you to contact a telephone number to re-activate your debit or credit card due to a security issue? The IC3, (the FBI’s Internet Crime Complaint Center) has received an increasing amount of reports on different variations of this scheme known as “vishing.” These attacks against Arkansas and US financial institutions and consumers continue to rise at an alarming rate.
Vishing operates like phishing; that is, by persuading consumers to divulge their Personally Identifiable Information (PII), claiming their account was suspended, deactivated, or terminated. Recipients are directed to contact their bank using a telephone number provided in the e-mail or by an automated telephone message. After calling the telephone number, the recipient is greeted with “Welcome to the bank of …” and then they are requested to enter their card number in order to resolve a pending security issue.
For authenticity’s sake, some fraudulent e-mails claim the bank would never contact customers to obtain the PII by any means, including e-mail, mail, and instant messenger. These e-mails further warn recipients not to provide sensitive information when requested in an e-mail and not to click on embedded links, claiming they could contain “malicious software aimed at capturing login credentials.” (Please beware; spam e-mails may actually contain malicious code (malware) which can harm your computer. Do not open any unsolicited e-mail and do not click on any links provided.)
In these recent telephone calls to debit and credit cardholders, the criminals are attempting to obtain enough information to perform fraudulent internet and other “card-not-present” transactions. Unless you have initiated this transaction by placing the call or order, you should never give out this information. If a criminal obtains your PIN number, the three-digit security code on the back of your card and your other card information, the criminal may be able to obtain authorization for fraudulent transactions.
Under a similar scam, a telephone call is placed to a legitimate cardholder. The caller claims to be a representative from VISA or MasterCard informing the cardholder of suspicious card activity. The caller provides details of an unusual transaction and asks if the cardholder made this purchase, which, of course, the cardholder did not. The cardholder is then asked to verify possession of the card. To do so, the cardholder is asked to read the three-digit security code on the back of the card. The fraudster then provides a control number in the event the cardholder needs to call back with questions, making the call seem legitimate.
The caller does not ask for the credit or debit card number. The fraudster already has the card number; what they don’t have is the three-digit security code from the back of the card, and that is what they are after with this scam.
A new version recently reported involved the sending of text messages to cell phones claiming the recipient’s online bank account has expired. The message instructs the recipient to renew their online bank account by using the link provided.
Due to rapidly evolving criminal methodologies, it is impossible to include every scenario. Therefore, be aware and protect your PII. Beware of e-mails, telephone calls, or text messages requesting your PII.
If you have a question concerning your account or credit/debit card, you should contact your bank using a telephone number obtained independently such as; from your statement, a telephone book, or another independent means.