How to detect and prevent vishing?

Has someone from the bank flagged you to “alert” you about possible misuse of your cards? Be careful, as you could be a victim of vishing. Currently, with the advancement of technology, fraud to access private information is more frequent. Therefore, here we will explain what vishing is and how to prevent it.

What is vishing?

Vishing is a fraud that aims to obtain, through a phone call, a person's personal data and bank information. Usually, criminals pretend to be a bank employee and ask for unique passwords that they receive by SMS to "solve" the problem; however, they use them fraudulently.

In the latest Balance of Cybercrime in Colombia, corresponding to 2017 and released in 2019, it is mentioned that more than half of the computer crimes handled by the Police Cyber ​​Center are due to internet scams. According to the document, 60% of all reported cases corresponded to fraud on e-commerce platforms. Of that percentage, 16% is due to vishing.

Vishing in e-commerce

According to a study by IBM (2020), the COVID-19 pandemic has increased the number of online purchases. Therefore, as eCommerce increases, the risks of potential fraud increase. The most common frauds that occur when buying online are:

      Phishing: Attackers trick the victim by simulating web pages that appear to be authentic.

      Smishing: uses SMS to attack the user.

      Vishing: It is similar to smishing, but it uses an urgent phone call to commit the fraud.

In all cases, it is advisable not to share sensitive data by mail or telephone. It is also recommended to verify that the website is legitimate, in order to avoid identity theft.

In the case of vishing, scammers pose as buyers interested in your product and try to obtain their personal information by making a call. Also, sellers can mark you and offer, through deceptive advertising, some offers and promotions. This is on the condition that you share confidential information with them.

How to detect vishing?

Elvishing can be detected in the following ways:

      Urgency: the person makes you believe that they have been making fraudulent purchases through your credit or debit card, so you must act quickly.

      Phone Skills: The phone number appears to come from an "official" site, even though it isn't.

      Correct Information: The person calling you has your name, address, phone number, and bank information.

      Business atmosphere: Lots of background noise, giving the impression of a call center. Scammers manage to mount sound effects on the call.

      Request for information: Legitimate companies will never ask for your social security number, ID card, or credit card number. While scammers, through deception, can request your banking information (carding).

How does vishing work?

The scammer creates an automated voice system to call users and ask for private information. Then, the cybercriminal sends a text message supposedly sent by a financial institution, where they inform the citizen that they have charges in one of their accounts, and if they do not recognize them, they must reply to said message with the word NO. Minutes later, the victim receives a call from an "alleged operator." During the call, the operator will inform the citizen that it will send another message with an alleged cancellation page and a link to enter a "bank web portal."

How to avoid it?

It is very important not to be fooled by this type of fraud. So keep the following recommendations in mind:

      Do not reply to suspicious messages or messages from unknown senders.

      Banking passwords should never be entered into any website reached by email, chat or text message.

      If you receive calls indicating certain types of promotions, this information must first be verified.

      Never reveal personal information.

      Fraudsters can mask your number and appear with the name of the bank they want to impersonate.

      In case you receive these types of suspicious calls, contact your bank to clarify the situation.

Neither financial institutions, nor card operators such as VISA or MasterCard, request personal data from their clients or verification of their accounts, by email, text message or by telephone. Unless the user was the one who first contacted the financial institution.


Banks do not ask for private information over the phone, under no circumstances should the following be provided:

      Card number.

      Expiration date.

      Security code.

      DC (citizenship card) .

      Access password.

What to do if you have been a victim of vishing?

If you have already been a victim of vishing, what you need to do is:

      Immediately tell your bank what happened.

      Confirm with the telephone adviser that there are no purchases that you have not made. If so, raise a clarification for the bank to open an investigation.

      File a complaint with the Cyber ​​Police to initiate an investigation process.

      It is recommended to write down the suspect number for future reference.

      It should be noted that Colombian users may have access to judicial or administrative authorities to assert their rights as a consumer.

As online purchases are increasing day by day, you need to be aware of any suspicious activity and protect your personal data. Vishing is a very frequent fraud among users in general, but if the aforementioned tips are taken into account, the scammer probably cannot achieve his goal.

Previous Post Next Post