© Bank of America Corporation. All rights reserved.
Criminals use phone calls, called “vishing,” or voice phishing, to steal information and money. Here’s how you can avoid falling for the latest tricks.
It usually comes as a phone call that sounds urgent or alarming. An unsolicited caller tells you your bank account has been compromised, and that they need your PIN so they can verify your identity or unlock the account. Or they say they’re from a government agency, such as the IRS or the Social Security Administration. Sometimes they insist you owe money. Or they might announce you’re a lucky winner — but you’ll need to pay for shipping and handling to claim your prize.
These are all examples of “vishing,” a term that combines “voice” and “phishing” to describe a scam that relies on either a mobile or land line phone. Phishing refers to any attempt by cyber criminals to steal money or personal information from people through deceptive practices. It can also be perpetrated through email and short message or texting systems (known as “smishing”).
Criminals continue to use vishing techniques because they realize that talking quickly and persuasively can catch many people off guard. While some of these attempts are easy to detect, others are subtle enough to fool even cautious consumers, especially when the caller makes it seem like urgent action is needed.
One of the reasons these deceptions can be so convincing is that criminals can use personal information they’ve harvested from other sources to make a vishing attempt sound like an honest exchange. They also spoof phone numbers that belong to established organizations, which makes them appear legitimate on your caller ID. And they may lower your defenses with excellent imitations of call center professionals.
It pays to be aware of the latest vishing scams, but always remember the most important rule: You should never provide personal or company information on an unsolicited call, no matter who you think it is.
Vishing calls might come from an actual person or use automated robocall technology, or some combination of both. The caller may know nothing about you, or they may provide information such as your address, or even the last four digits of your Social Security number, to win your trust. If you’re at work, a caller might pretend to be a trusted colleague and ask for CashPro® or Online Banking credentials.
In every attempt, there will be a request for more information. Here are a few general vishing categories:
There are a few simple but critical rules to remember before you answer an unsolicited call:
Neither Bank of America nor its affiliates provide information security or information technology (IT) consulting services. This material is provided "as is,“ with no guarantee of completeness, accuracy, timeliness or of the results obtained from the use of this material, and without warranty of any kind, express or implied, including, but not limited to warranties of performance, quality and fitness for a particular purpose. This material should be regarded as general information on information security and IT considerations and is not intended to provide specific information security or IT advice nor is it any substitute for your own independent investigations. If you have questions regarding your particular IT system or information security concerns, please contact your IT or information security advisor.