Vishing, which is socially engineered phishing done by phone rather than through an email is getting more and more sophisticated. There is a reason that scammers are often referred to as scam artists. Many scam artists are incredibly adept at psychology and armed with a bevy of personal information about you, they can both convince you that an emergency exists and that you need to respond by providing them with personal information that unfortunately can often lead to identity theft.
Presently there are a number of variations of vishing telephone calls that appear to come from your bank, some of which are from live people, but others are coming from convincing sounding robots that appear to be actual people. These calls generally tell you that your ATM card has been used for fraudulent purposes and that you need to replace it immediately. These calls may appear on your Caller ID as if they are coming from your bank, but through a technique called “spoofing,” your Caller ID can be tricked into making a call from another source appear as if it is indeed coming from your bank. The phony bank employee is also armed with much personal information about you, including in some instances the last four digits of your Social Security number, your address and even your debit card number. This can make the call appear quite legitimate. During the course of the call you are then asked for the three digit CVV security number from your card, your PIN or both. The scammer can make it appear quite legitimate for you to provide this information. However, in time after time, people who have provided this information end up having money stolen from the bank accounts tied to their debit card.
These new vishing scams are increasingly convincing because the scammers already have so much information about you that they can appear to be quite legitimate. The information they have has generally been bought by the scammers on the Dark Web, that part of the Internet where criminals buy and sell things including the personal information that may have been obtained through the many data breaches that are increasingly part of the new normal. The best thing to do is to remember my motto, “trust me, you can’t trust anyone.” While if you take the time to think about it, you would realize that your bank does not need you to provide your CVV or PIN, scammers are quite adept at getting people to respond quickly to a perceived emergency, particularly where the person calling appears quite legitimate, which leads us back to my motto. Never give out personal information to anyone on the phone unless you have initiated the call and you are sure the information is necessary. In the case of these debit card vishing scams, the best thing to do if you think the call may be legitimate is to hang up, flip your card over and call the bank’s 800 number that appears on your debit card. It is important to dial the number carefully because some scammers have even obtained phone numbers that are quite similar to those of legitimate bank customer service numbers in an effort to catch people who make a simple mistake in dialing the number.
If you are not a subscriber to and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of and click on the tab that states “Sign up for this blog.”