Voice Phishing (Vishing)

Eliminate the Threat of Vishing
As is increasingly common in vishing (voice phishing) schemes, a consumer receives a telephone call and their Caller ID device displays “Bank of XYZ.”  XYZ Bank is calling to verify credit card transactions for the security of the cardholder.  The real caller may be in Eastern Europe, with no affiliation with XYZ Bank, but has used Caller ID spoofing to mislead the consumer into believing it is their bank on the line. 

Many consumers fall prey to this deception and share personally identifiable information (PII), allowing the fraudster to do financial harm later by using that victim’s PII. 

Consumer advocates advise cardholders to never give out PII to a caller, even when Caller ID indicates it is supposedly safe to do so. Advocates also advise that consumers first verify a bank’s actual number from publicly available sources, then call the published number, not the number provided by the Caller ID. This compounds the bank’s problems by reducing the value of a common authentication tool: calling a customer back.

This newfound distrust in Caller ID is limiting the efficacy of verifying PII and account information over the phone. Because of these relatively new threats, prudent banking requires a view that every call, regardless of purpose, is a potential attempt to gather more information to assist the fraudster in the execution of their crime.

Use Case with TrustID:  A vishing fraudster places a call into the bank. When the customer service representative answers the phone, the visher asks for help balancing an account. The fraudster has a bank statement that was illegally removed from the victim’s mailbox, and is well armed with account facts and other PII. Within a few minutes, the visher is able to get access to the information – such as account balances and open-line amounts – that are needed to perpetrate a large fraudulent transaction.

With the TrustID solution installed at the bank, the customer service representative’s screen would have shown the caller as a Spoofer. The labor wasted on the call, as well as the information sharing, would have been stopped cold due to this heightened security notification and the employee’s security training kicking in. An aware employee, combined with the assurance of TrustID technology to identify a spoofed call, prevents confidential information from getting into the wrong hands and proactively halts any damaging actions.