With fraud on the rise, especially online, protecting information such as your bank details is more important than ever. In addition to popular methods such as email or SMS, fraudulent schemes can also be carried out by making a simple telephone call. In this article we explain how this scam works and how to identify it so that you don’t fall for it.
Let's imagine, for a moment, that you receive the following phone call: someone, who refers to themselves as an employee of the bank in which you hold an account, tells you that your credit card has been unexpectedly blocked and that, in order to unblock it, you must urgently confirm your card details. They ask for the expiry date and the card verification code (CVC), information that your bank would never ask for.
These types of calls, known as ‘vishing’, are more common than we think, so we must be prepared to identify them and prevent a third party from obtaining our bank details.
What is vishing?
As already mentioned, vishing is a type of scam in which criminals try to trick their victim via a telephone call. They usurp the identity of another person or, as in the previous example, of an organization such as a bank. They may also usurp the identity of an energy or gas company, or any other company that could serve as an excuse for establishing a communication. In any event, the aim is to steal personal or bank details or even convince people to transfer their money to the fraudsters.
The channel used to carry out this scam is what differentiates vishing from other methods such phishing (carried out via email) and smishing (carried out via SMS). Moreover, it is known as vishing because it combines the use of voice and phishing techniques.
How does vishing work?
The main tool used by scammers – or vishers, as these type of scammers are called – to try to obtain the information required or convince their victim to carry out a certain transaction, such as a money transfer, is social engineering. It is a set of techniques that vishers use in telephone calls to manipulate their target and gain their trust, in order to obtain the details they need. The three most commonly used methods, in terms of banking, are:
Spoofing: When appearances are deceiving
When making calls, cybercriminals may use techniques such as spoofing, which consists of creating a fraudulent website, company or individual. Part of this scam may involve displaying the alleged company's caller ID, concealing the actual source.
How can we protect ourselves from vishing?
Instead of getting alarmed, a very easy way to avoid this type of fraud is to be alert, informed and to take some simple precautions, such as not sharing your personal or financial data or security codes.
If you would like to learn more about this type of fraud, this article (in Spanish) on the Tu Futuro Próximo website (a blog produced by Santander Consumer Spain) provides further information on vishing and how to avoid it.