Latest Updates on COVID-19
UPDATE: Beginning Monday, March 23 we will have modified branch hours. Review details and our latest update on COVID-19. Learn More
How to Prevent and Report Vishing Fraud
Your phone rings, but you don’t recognize the number, so you let it go to voicemail. A few hours later, you check the recording only to find an automated voice telling you that you didn’t pay all your taxes and that if you don’t call that number back within 24 hours, you could face a massive fine or worse—go to prison. Your first instinct might be to panic and try to remedy the situation, but the best thing to do is think through the situation. Did you pay your taxes? Yes. Did the call sound legitimate? Not really. If you Google the number, is it linked to the organization? No.
You were probably the victim of a vishing call.
What Is Vishing Fraud?
At its core, vishing is a form of social engineering attack where criminals use voice calls—both live and automated—to convince you to divulge personally identifiable information like your credit card details, social security number, or bank account number. They do this by using fear tactics that are intended to make you believe that owe money or have been compromised in some way. The topic of these messages can include a warrant for your arrest, taxes owed, or problems with your bank account. And once the attacker has access to the data they need, they likely have enough information to get a hold of your finances or compromise your identity.
Because of their lack of quality or exaggerated claims, these calls can sometimes be easy to identify for what they are—but that doesn’t make them any less intimidating. Criminals have refined their approach, pretending to be institutions of high authority and scaring individuals with significant consequences. With this in mind, the best thing we can do is be prepared. That means being able to identify what a vishing call looks like, protecting our personal information, and reporting these calls when they happen.
Stay protected with our ID Theft Protection PackagesProtect your future today
What Does Vishing Look Like?
Many people fall victim to vishing scams, and in 2018, almost 30% of all incoming calls to phones were scams. This is because the more persistent the calls get, the more convincing they can seem. Along with this, according to ProofPoint’s 2019 State of the Phish report, only 18% of people had a full and clear understanding of what vishing was. To fix this, we’ve highlighted some of the common examples of what a vishing call can look like.
- Bank impersonations: The caller will state that there is suspicious activity on your bank card and ask for personal information. They will state that this is urgent and ask you questions about your purchases, your travels, and your PIN.
- Government impersonations: The caller might state that there is something wrong with your taxes, or pretend to be from the Social Security Administration needing to confirm personal information, among other things.
- Tech support: The caller states that there is something wrong with your computer and they need specific personal information to gain access to it and repair it.
- Prizes or contest: The caller states that you’ve won a contest that you never entered, or a cruise or vacation, and need your personal information to confirm the winnings.
Protect Yourself from a Vishing Attack
It’s expected that by 2020, vishing fraud is going to be more rampant and more difficult to identify. As such, it’s important that you stay aware of the techniques that can help you stay aware and vigilant about who you give your information out to. At Citadel, we’ve created a list of things to do if you feel that you’ve fallen victim to a vishing call.
- Check if the number calling you is legitimate by doing a quick search online. If it isn’t, hang up immediately.
- Ask the caller for their customer service number so that you can call them back and confirm the request.
- Remember that an institution like the IRS will never ask for financial details over the phone—they use the mail or their digital platforms for that.
- Report the call to the institution that the caller claimed to be from and get in touch with their fraud prevention center if they have one.
Vishing fraud isn’t going anywhere—but by arming yourself with these tactics, you can protect your personal data and help ensure that other people don’t fall subject to the same issues.
At Citadel, we’ve made it our job to understand the different threats that might impact our customers.