Identity theft affects more than 16 million Americans annually, costing consumers over $16 billion. Unfortunately, there are several ways for criminals to obtain an individual’s private information.
One such method is when a fraudster pretends to be an authority figure to trick someone into giving up their private information, which is called phishing. Essentially, they lay out some bait in the form of an official-looking email and wait for their target to interact with the email.
Voice phishing—also called vishing—is when a criminal tries to gain info through a phone call. In fact, sophisticated scams use a combination of email and voice fraud to appear more legitimate. To protect your identity and your financial assets, you should understand how to identify vishing attempts.
Vishing attack example
First off, some vishing attacks are simple with a goal of verifying that a phone number is still actively used; in this case, all you have to do is answer the phone. Then your number is passed along to increasingly aggressive tactics. Sophisticated vishing attacks can gradually be personalized to an individual target. You may be the intended victim of such an attack if your personal information was leaked elsewhere. For example, if your information was stolen in the 2017 Equifax data breach, fraudsters may have access to your name and address.
A typical vishing attempt follows a pattern:
- Fishing for targets: Scammers use auto-dialers to call as many people as possible. When someone finally answers, a real person comes onto the line.
- Fishing for information: Once a scammer has a person on the line, they pretend to be an authority figure, such as a bill collector, insurance agent, the IRS, the social security administration, a computer repair technician, among many others. They describe a problem, such as an unpaid bill, to get their target to give up personal information.
- Financial damage: If the fraudster obtains bank information, they may attempt to transfer funds out of the account into another account in another city or country. If they steal credit card information, they will make as many purchases as possible before the card gets locked down. Often times they are looking for “gateway” information that allows them the opportunity to access your bank accounts.
After a successful attack, the scammer will usually disappear, never to be heard from again. Vishing criminals take many steps to hide their identities and activities; in many instances, the likelihood of catching and prosecuting them is unlikely.
How to prevent vishing attacks
The rate of fraudulent activity has increased every year since 2015. To avoid becoming a victim, take these steps to avoid vishing:
Sign up for the Do Not Call Registry
The National Do Not Call Registry provides a free way for consumers to stop unwanted sales calls. Note that the Federal Trade Commission cannot block phone calls. Rather, the registry tells telemarketers who they cannot call.
Once you sign up for the registry, you can expect it to take up to 31 days for sales calls to stop. However, you may still receive calls from companies with which you regularly do business. Likewise, political calls, surveys, debt collections and informational calls are permitted.
A robocall is an automated phone call that usually delivers a recorded message. Scammers will also use auto-dialers to make a large number of calls in a matter of minutes, so they have a better chance of reaching a real person.
In 2018, Americans received 26.3 billion robocalls, which is roughly 80 calls per person. This represented a 46% increase over the previous year. Though the National Do Not Call Registry can reduce the number of automated calls you receive, it can’t stop scammers, because they ignore the registry.
You can manually block malicious numbers from your smartphone with a few taps. Refer to your phone’s manual for specific instructions.
Don’t answer unfamiliar numbers
Sometimes even blocking phone numbers won’t stop vishing attempts because scammers use software to scramble their real phone number. For example, scammers often mimic the area code and the first three digits of your phone number to trick you into thinking it’s a local call. If you block one number, scammers will simply call you from another.
If you answer the phone and then hang up immediately, the scammer will know that your line is active. However, if you do not pick up the phone, scammers will eventually consider your number to be dead. Resist the urge to answer the call, and you should see the frequency with which you receive robocalls begin to fall.
Cultivate a healthy level of suspicion
If you receive a call informing you of activity on one of your accounts, treat this interaction with suspicion. The person on the other end of the line may even have some of your personal information, but that doesn’t mean they’re a real authority. Do not confirm nor deny any of the information that they provide, and do not provide any information of your own.
Your best course of action is to hang up the phone and directly call the organization they claimed to represent. Reach out to the business or entity on your own from their official website—do not trust contact information provided by the person who called you. If they are a scammer, this info will just loop you right back in through unofficial channels.
Federal and state resources
If you believe that you have been a victim of vishing or any other type of fraud, there are government resources available:
- The Federal Trade Commission’s Complaint Assistant
- The Oregon Division of Financial Regulation’s suspected financial exploitation form
You may also want to alert the three major credit bureaus of fraudulent activity on your accounts. When you alert one bureau, the others will be notified automatically. Likewise, consider placing a freeze on your credit, which prevents fraudsters from opening new accounts in your name.
You can find more information from:
Identity theft can throw a wrench into your financial plans, but you can get back on your feet with the right help. Stay educated on the latest scams, and only deal with people and organizations you trust. Visit our security center to learn more about how to protect yourself from scams online and offline.