How-To Guide: Scams, Phishing and Vishing

Q.   What are Scams, Phishing and Vishing?

A.

Scams:

A scam is an attempt to mislead a person or persons into agreeing to give money or share personal information.   Internet access and phone calls are two ways that scammers are tricking people, especially the elderly, into agreeing to comply with their requests for Social Security numbers, credit card information, bank account information, etc.  Once the scammer has this info, it is easy for him/her to charge items to your credit card or bank account or even to steal your identity. 

Phishing:

Phishing is a term used for internet scammers who imitate legitimate companies in emails to obtain or “fish” for personal and private information. 

  • The email looks like it comes from a bank, credit card company or PayPal or even eBay and usually tells the recipient that his/her account has been compromised and needs certain information confirmed. 
  • The email generally instructs recipients to click on a link in the email to confirm their personal information. The link then usually connects to a bogus site where scammers can steal the information.  

Ways of Preventing Phishing:

  • Be aware that legitimate companies never ask customers for password information.  That information is private and is only known by the user.
  • Always ensure that you’re using a secured server when submitting credit card information.  To make sure that you are using a secured server, check the web address in your browser address bar.  It should be https:// not http://
  • Never open unsolicited emails.  
  • Don’t reply to email or pop-up messages that ask for your personal or financial information.
  • Don’t click on links in the message of the email.
  • Don’t email personal or financial information.
  • Be cautious about opening any attachment or downloading any files from emails, especially if you do not know the sender.
  • Contact your bank or Credit Card Company immediately if you think you may have replied to a fraudulent email.
  • Review credit card and bank statements as soon as you receive them.
  • Use anti-virus, anti-spyware software and a firewall and update them regularly.

Vishing:

Vishing is a type of fraudulent activity that happens over Internet Phone Systems.  This type of scam uses Voice Over Internet Protocol or VoIP.  Vishing works in two different ways.

  • Online version:
    • The scammer sends an email (usually appears to be from a financial institution, payment service or credit card company) urging the recipient to call a telephone number to straighten out a problem with their account.
    • When the victim calls, they reach an automated attendant, asking the victim to enter their account number, password or other private information via telephone keypad for verification purposes.
  • Automated Dialing Program (VoIP):
    • Some “vishers” use an automated dialing program to make “cold calls” to victims.  A prerecorded message claims the victim’s account has been compromised or needs to be updated.
    • The victim is then asked to enter personal or private information using the telephone keypad.  This information is digitally transcribed onto the hard drive of the scammer’s computer.  He/she now has all the information needed to make charges to an account. 

Ways of Preventing “Vishing”:

  • If you suspect the call is not legitimate, hang up.
  • Credit card companies do not use prerecorded messages to obtain information which they already have on record.
    • If you get a call asking for the 3 digit security number on the back of your credit card, hang up.
    • Immediately call your Credit Card Company or bank using the number on the back of the card to report the matter.
    • If you get an email asking you to call a toll free number to verify account information, delete the email.
  • Be suspicious of any call or email that doesn’t use your first name or surname.
  • Never dial a return number or reply to an email that request financial information. Instead call your financial institution to inquire whether there is a problem with your account.
  • If you believe the contact is not valid, go to the company’s web site by typing in the URL as you know it. 

 

 

[Posted on May 2, 2007]

 







© 1997-2008, Center for Schools and Communities or its affiliates.