It usually comes as a phone call that sounds urgent or alarming. An unsolicited caller tells you your bankaccount has been compromised, and that they need your PIN so they can verify your identity or unlock theaccount. Or they say they’re from a government agency, such as the IRS or the Social SecurityAdministration. Sometimes they insist you owe money. Or they might announce you’re a lucky winner — butyou’ll need to pay for shipping and handling to claim your prize.
These are all examples of “vishing,” a term that combines “voice” and “phishing” to describe a scam thatrelies on either a mobile or landline phone. Phishing refers to any attempt by cyber criminals to steal moneyor personal information from people through deceptive practices. It can also be perpetrated through emailand short message or texting systems (known as “smishing”).
“You should never give out personal or company information to an unsolicited caller, no matter who you think it is.”
Criminals continue to use vishing techniques because they realize that talking quickly and persuasively can catch many people off guard. While some of these attempts are easy to detect, others are subtle enough to fool even cautious consumers, especially when the caller makes it seem like urgent action is needed.
One of the reasons these deceptions can be so convincing is that criminals can use personal information they’ve harvested from other sources to make a vishing attempt sound like an honest exchange. They also spoof phone numbers that belong to established organizations, which makes them appear legitimate on your caller ID. And they may lower your defenses with excellent imitations of call center professionals.
It pays to be aware of the latest vishing scams, but always remember the most important rule: You should never provide personal or company information on an unsolicited call, no matter who you think it is.
Common Phishing Scams
Vishing calls might come from an actual person or use automated robocall technology or some combinationof both. The caller may know nothing about you, or they may provide information such as your address oreven the last four digits of your Social Security number to win your trust. If you’re at work, a caller mightpretend to be a trusted colleague and ask for CashPro® or Online Banking credentials.
In every attempt, there will be a request for more information. Here are a few general vishing categories:
• Solving a problem with your account. A caller, purportedly from your bank or another organization youdo business with, explains that there’s a problem with your account access, a payment you recently made,suspicious transactions or perhaps a refund you’re owed. The caller requests information, such as youraccess code or account number, to resolve the issue.
• A demand for payment. Scammers may pretend to work for government agencies, such as the IRS or theFBI, or as employees at collection agencies or other third parties. They may tell you that you owe money andmust pay immediately or be fined or even arrested. These scams may also include text messages from thescammer to make their request look legitimate.
• Enrollment scams. Some criminals pose as representatives for government programs, such as the SocialSecurity Administration or Medicare, and collect personal or financial information under the guise of helping you enroll or receive payments. Criminals have also exploited the Small Business Association’s PaycheckProtection Program to target business owners seeking loans.
• Collecting an award or special offer. An old scam that is frequently recycled, this vishing call informs the recipient that they’ve won a contest or can cash in a limited-time offer of goods or services. Personal or payment information is then requested.
How to stay safe from vishing scams
There are a few simple but critical rules to remember before you answer an unsolicited call:
• Don’t answer calls from numbers you don’t recognize. Bear in mind, however, that vishing scammers sometimes leave voicemails with a callback number. Do not call a number back without checking to see if it belongs to a business you know. Note that most government agencies, such as the IRS, will not call you unless they have contacted you by mail first.
• Do not trust caller ID numbers. Criminals are routinely spoofing legitimate numbers of established companies and services.
• If you are suspicious, even if you recognize the caller’s organization, hang up before you give out any information or do not answer. If you think the call might be legitimate, call back a number you’ve verified independently — do not use your callback function. For instance, you should hang up on a caller who says they are with Bank of America but is not your normal contact.
• Do not give any caller personal or company information, even if they know some of your personal information already. Scammers can steal personal information from other sources or find it on the dark web and will use what they know to trick you into giving them more. The fact that a caller knows something about you or your company is not enough of a reason for you to trust them.
• Remember that Bank of America, like many businesses, will never ask you for account or CashPro® details unless you call us first.