What is Vishing?
"Vishing" or "Voice Phishing” is the act of leveraging a new technology called Voice over Internet Protocol (VoIP) in using the telephone system to falsely claim to be a legitimate enterprise in an attempt to scam users into disclosing personal information. Government, financial institutions, as well as online auctions and their payment services, can be targets of Voice Phishing.
Methods of transmission:
- typically an incoming recorded telephone message uses a spoofed (fraudulent) caller ID matching the identity of a misrepresented organization
- the message uses an urgent pretext to direct unsuspecting users to another telephone number
- the victim is invited to punch their personal information on their telephone keypad
- criminals capture the key tones and convert them back to numerical format
Different variations of the scam:
- the potential victim is contacted by a phishing e-mail and directed to a VoIP-based telephone number
- the potential victim receives a telephone call from another individual with a spoofed caller ID
- the potential victim receives a recorded incoming call with a spoofed caller ID directing them to a phishing site
The content of the incoming message is designed to trigger an impulsive reaction from you. It can use:
- upsetting or exciting information
- demand an urgent response
- use a false pretense
- is not normally personalized
Information at risk:
Any numerical personal information:
- payment card information (numbers, expiry dates and the last three digits printed on the signature panel)
- PIN (Personal Identification Number)
- social insurance number
- date of birth
- bank account numbers
- passport number
Potential uses of your information:
- control of victim's financial accounts
- open new bank accounts
- transfer bank balances
- apply for loans
- credit cards and other goods/services
- luxury purchases
- hide criminal activities
- receive government benefits or
- obtain a passport.
How to prevent:
- As a general rule, be suspicious when receiving any unsolicited incoming communication.
- Never provide personal information in these circumstances.
- Never rely solely on your telephone caller ID function.
If you’re suspicious:
- Consumers have a role to play in stopping vishing scams. You are encouraged to Recognize it, Report it and Stop it.
- Do not react immediately without thinking.
- If this concerns you, investigate by using telephone numbers known to be valid. In the case of credit cards for example, use the telephone number printed on the back of the card.
- Never provide personal or financial information to non-validated sources.
Are you a victim?: If you have provided personal information:
Step 1. Contact all compromised card issuers.
Step 2. Contact your credit bureau.
Step 3. Report the incident Canadian Anti-Fraud Centre.