FRB Federal Credit Union Security Brief

NEW ALERT: Vishing scams use phones
instead of fake web sites

A new form of identity theft has recently surfaced: "vishing," which is short for "voice phishing." In this scam, identity thieves send spam e-mail supposedly warning victims that their credit union accounts or other accounts have been compromised. However, unlike typical phishing e-mails, these e-mails give no web site address to go to. Instead, the victim is urged to call a phone number to verify account details.

If the victim calls the number, an automated voice message says, "Welcome to account verification. Please type your 16-digit card number." The goal is to get victims to enter their credit or debit card numbers. The credit union account or other account is not mentioned. Security experts say this scam is particularly insidious because it imitates the legitimate ways people interact with financial institutions.

Some vishing attacks don't begin with an e-mail but with a telephone call in which the caller already knows the recipient's credit card number. This increases the perception of legitimacy. The caller then asks for the valuable three-digit security code on the back of the card.

Vishing appears to be spreading because Voice over Internet Protocol, or VoIP, enables cheap and anonymous Internet calling. Also, caller ID boxes can now easily be tricked into displaying erroneous information.

Tips for Preventing Loss

• Never call a number given in a spam e-mail. But if you make a mistake and do call, certainly don't enter in any private information. If you want to call your credit union, use the phone number you regularly use, not the phone number you get in an e-mail.
• Remember that the credit union will never solicit personal, private information by e-mail.
• Never click on the link provided in an e-mail that you believe is fraudulent.
• Do not be intimidated by an e-mail or a caller suggesting dire consequences if you do not immediately provide or verify information.
• If you believe the contact is legitimate, go to the company's web site by typing in the site address directly or using a page you have previously bookmarked. Do not follow a link provided in the e-mail.
• Go to the federal government's OnGuardOnline web site and take the interactive quizzes designed to educate you about identity theft, phishing, spam, and online-shopping scams. Also, read the detailed guidance on how to monitor your credit history, use effective passwords, and recover from identity theft.