Top 5 Vishing Techniques

“Vishing” occurs when criminals call victims on the phone and attempt to lure them into divulging personal information that can be used to commit identity theft.

The name comes from “voice,” and “phishing,” which is, of course, the use of spoofed emails designed to trick targets into clicking malicious links. Instead of email, vishing generally relies on automated phone calls, which instruct targets to provide account numbers.

Vishing techniques include:

Wardialing: This is when the visher uses an automated system to call specific area codes with a message involving local or regional banks or credit unions. Once someone answers the phone, a generic or targeted recording begins, requesting that the listener enter bank account, credit, or debit card numbers, along with PIN codes.

VoIP: Voice over Internet Protocol, or VoIP, is an Internet-based phone system that can facilitate vishing by allowing multiple technologies to work in tandem. Vishers are known to use VoIP to make calls, as well as to exploit databases connected to VoIP systems.

Caller ID Spoofing: This is the practice of causing the telephone network to display a false number on the recipient’s caller ID. A number of companies provide tools that facilitate caller ID spoofing. VoIP has known flaws that allow for caller ID spoofing. These tools are typically used to populate the caller ID with a specific bank or credit union, or just with the words “Bank” or “Credit Union.”

Social Engineering: Social engineering is a fancier, more technical form of lying. Social engineering (or social penetration) techniques are used to bypass sophisticated security hardware and software. The automated recordings used by vishers tend to be relatively professional and convincing.

Dumpster Diving: One time and tested “hack” is simply digging through a bank’s dumpster and salvaging any lists of client phone numbers. Once the visher has the list, he can program the numbers into his system for a more targeted attack.

To protect yourself from these scams, educate yourself. Knowledge is the key to defending yourself from vishing. The more you understand it, the better off you’ll be, so read up on vishing incidents, and if your bank provides information about vishing online or in the mail, sit up and pay attention. As this crime becomes more sophisticated, you’ll want to be up to date.

If you receive a phone call from a person or a recording requesting personal information, hang up. If the call purports to be coming from a trusted organization, call that entity directly to confirm their request.

Don’t trust caller ID, which can be tampered with and offers a false sense of security.

Call your bank and report any fraud attempts immediately. The sooner you do, the more quickly the scam will be squashed.

Document the call, noting what was said, what information was requested, and, if possible, the phone number or area code of the caller, and report this to your bank.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto, discusses scammers and thieves on The Big Idea with Donnie Deutsch. (Disclosures)

1 reply
  1. edward
    edward says:

    People who call saying they are with Wells and are not.

    Did you get a call from 800-473-2400? Read the posts below to find out details about this number. Also report unwanted calls to help identify who is using this phone number.

    9 Feb 2010
    I kept getting a call from this number, and if I answer it, no one is there, and the line disconnects. If I let it go to voicemail, a message is left, instructing me to call this number back. The message stated it was from Wells Fargo Fraud Prevention department. I called the number, and the automated system asked for the last 4 of my Wells Fargo check/credit card number. I thought this to be suspicious, because the last time Wells Fargo called me, I spoke to a live person, and they never asked me for account number or credit card numbers. I called Wells Fargo customer service, gave the lady the number, and she called, and verified that even though the recording stated Wells Fargo, it was NOT Wells Fargo. She reviewed my account, and everything is fine. For kicks, I called the number back, and entered a fake 4-digit number as my card number, it then connected me to a live person, who then asked for my full card number. To my understanding, banks do NOT ask for this information over the phone. He stated that the automated system calls customers to verify potential fraudulent activity, and that if I was uncomfortable with giving this information out, to call the number on the back of my card, which I then told him that I already did, and Wells Fargo confirmed that this number and the recording is not part of Wells Fargo. We then ended the call.
    Caller ID: 1-800-473-2400
    Caller: “Wells Fargo”
    Reply !

    3 Mar 2010
    I got the same voicemail on my cell phone. I called and I entered the wrong card number by mistake. Then I got a live person and she asked for the last 4 of the card number and the 3 digit security code. I told her I didn’t have it. She then said it was Wells Fargo Fraud Prevention and see that an attempt to make a purchase using my husband’s debit card was made yesterday 3/2/10 for $683.18. I told her he has the card in hand and didn’t make any purchases. She then went on to say that there was another transaction for $3.66 from Shell which he did make that purchase in the morning. That’s what made me think it really was Wells Fargo. So I hung up and called my husband and he called them himself (800-473-2400). They offered a Identity Theft Protecton and asked for the last 4 of his SS#, his DOB, last 4 of CC & Security Code. In the mean time I called Wells Fargo myself and asked about the mysterious Walmart transacton to see which Walmart so I could call WalMart and ask to see security cameras and she said she had nothing on file. I gave the Wells Fargo Rep the telephone number I was given (800-473-2400) and she said that is not one of Wells Fargo’s numbers. I immediately called my husband back to tell him it was fraud and he was on the home phone with “Wells Fargo Fraud PRevention” who was offering him the Identity Theft Program. He almost went for it. When my husband confronted him that it was fraud and we jsut got off the phone with WELLS FARGO who said there was no “suspicious” activity and the rep got quiet and immediately gave my husband his name, Travid Idle, and gave a Wells Fargo’s Identity Theft Program telephone number (877-816-2423) and hung up. I tried calling that 800-473-2400 number back but they keep giving 800-GO-WELLS number now. i cannot get a live person. BE CAREFUL!!
    Caller: Wells Fargo Fraud Prevention
    Reply !
    bubba replies to Kristie
    9 Mar 2010
    I just talked to Wells Fargo customer service just now and they confirmed that 800-473-2400 is their fraud prevention department.
    Reply !

    Troll replies to bubba
    3 Jun 2010
    no it’s not
    Reply !

    jake replies to bubba
    15 Dec 2010
    anyone saying this number is legitimate is probably part of the scam. I verified with Wells Fargo this morning that there are no wells fargo numbers with this listing (1-800-473-2400) its a fraud DO NOT give them any information. These people are thieves and are trying to steal your money, and all of you ppl posting stuff on here that are part of this scam, get ready to go to prison.
    Reply !

    J.C. replies to bubba
    11 Jan 2011
    The fraud prevention number for Wells Fargo is (800) 867-5568 you should be looking for numbers you can find only through your online account or the phone book. If you do a reverse look up on the fraudulent number you can’t get a name.
    Reply !

    14 Mar 2010
    I was going over my online banking this morning and saw charges that I hadn’t made. I went through my caller id and this number was there along with several others. The messages was cut off and all i heard was debit card press any key for assistance. Come to find out, some had my info and was purchasing “stuff”. I’m calling wells right now to find out what else is going on.
    Reply !

    26 Apr 2010
    I got a message from a suposed Wells Fargo Fraud Prevention line. I checked my account online and saw there was a fraudulant charge in DETROIT. I called the number on the answering machine 1-800-473-2400 I gave him the last four of my card, last four of my social, and the info on the back, nothing completely out of the ordinary, but he put me on hold for a very long time and I started to regret that I didn’t call the number on the back of my card. My gut told me to hang up so I did. When I spoke with Wells Fargo he tried to find out if it was a valid number and couldn’t find such a number after checking several locations. He said that if they have a specific fraudulant purchase the fraud department will call with a different number than the one on the back of the card, but what I learned from the experience is that I will ALWAYS call the number on the back of my card to be safe.


Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *