Has someone from the bank flagged you to
“alert” you about possible misuse of your cards? Be careful, as you could be a
victim of vishing. Currently, with the advancement of technology, fraud to
access private information is more frequent. Therefore, here we will explain
what vishing is and how to prevent it.
What is vishing?
Vishing is a fraud that aims to obtain,
through a phone call, a person's personal data and bank information. Usually,
criminals pretend to be a bank employee and ask for unique passwords that they
receive by SMS to "solve" the problem; however, they use them
fraudulently.
In the latest Balance of Cybercrime in
Colombia, corresponding to 2017 and released in 2019, it is mentioned that more
than half of the computer crimes handled by the Police Cyber Center are due
to internet scams. According to the document, 60% of all reported cases
corresponded to fraud on e-commerce platforms. Of that percentage, 16% is due
to vishing.
Vishing in e-commerce
According to a study by IBM (2020), the COVID-19
pandemic has increased the number of online purchases. Therefore, as eCommerce
increases, the risks of potential fraud increase. The most common frauds that
occur when buying online are:
●
Phishing: Attackers trick the victim by
simulating web pages that appear to be authentic.
●
Smishing: uses SMS to attack the user.
● Vishing: It is similar
to smishing, but it uses an urgent phone call to commit the fraud.
In all cases, it is advisable not to share
sensitive data by mail or telephone. It is also recommended to verify that the
website is legitimate, in order to avoid identity theft.
In the case of vishing, scammers pose as
buyers interested in your product and try to obtain their personal information
by making a call. Also, sellers can mark you and offer, through deceptive
advertising, some offers and promotions. This is on the condition that you
share confidential information with them.
How to detect vishing?
Elvishing can be detected in the following
ways:
● Urgency: the person
makes you believe that they have been making fraudulent purchases through your
credit or debit card, so you must act quickly.
● Phone Skills: The
phone number appears to come from an "official" site, even though it
isn't.
● Correct Information:
The person calling you has your name, address, phone number, and bank
information.
● Business atmosphere:
Lots of background noise, giving the impression of a call center. Scammers
manage to mount sound effects on the call.
●
Request for information: Legitimate companies
will never ask for your social security number, ID card, or credit card number.
While scammers, through deception, can request your banking information
(carding).
How does vishing work?
The scammer creates an automated voice system
to call users and ask for private information. Then, the cybercriminal sends a
text message supposedly sent by a financial institution, where they inform the
citizen that they have charges in one of their accounts, and if they do not recognize
them, they must reply to said message with the word NO. Minutes later, the
victim receives a call from an "alleged operator." During the call,
the operator will inform the citizen that it will send another message with an
alleged cancellation page and a link to enter a "bank web portal."
How to avoid it?
It is very important not to be fooled by this
type of fraud. So keep the following recommendations in mind:
● Do not reply to
suspicious messages or messages from unknown senders.
● Banking passwords
should never be entered into any website reached by email, chat or text
message.
● If you receive calls
indicating certain types of promotions, this information must first be
verified.
● Never reveal personal
information.
● Fraudsters can mask your
number and appear with the name of the bank they want to impersonate.
●
In case you receive these types of suspicious
calls, contact your bank to clarify the situation.
Neither financial institutions, nor card
operators such as VISA or MasterCard, request personal data from their clients
or verification of their accounts, by email, text message or by telephone.
Unless the user was the one who first contacted the financial institution.
Banks do not ask for private information over
the phone, under no circumstances should the following be provided:
● Card number.
● Expiration date.
● Security code.
● DC (citizenship card)
.
●
Access password.
What to do if you have been a victim of vishing?
If you have already been a victim of vishing,
what you need to do is:
● Immediately tell your
bank what happened.
● Confirm with the
telephone adviser that there are no purchases that you have not made. If so,
raise a clarification for the bank to open an investigation.
● File a complaint with
the Cyber Police to initiate an investigation process.
● It is recommended to
write down the suspect number for future reference.
●
It should be noted that Colombian users may
have access to judicial or administrative authorities to assert their rights as
a consumer.
As online purchases are increasing day by day,
you need to be aware of any suspicious activity and protect your personal data.
Vishing is a very frequent fraud among users in general, but if the
aforementioned tips are taken into account, the scammer probably cannot achieve
his goal.