Jane, an individual, has recently been calling various financial offices pretending to be another person to gain
financial information. Which of the following attacks is being described?
Vishing (voice or VoIP phishing) is an electronic fraud tactic in which individuals are tricked into revealing critical
financial or personal information to unauthorized entities. Vishing works like phishing but does not always occur
over the Internet and is carried out using voice technology. A vishing attack can be conducted by voice email,
VoIP (voice over IP), or landline or cellular telephone.
The potential victim receives a message, often generated by speech synthesis, indicating that suspicious
activity has taken place in a credit card account, bank account, mortgage account or other financial service in
their name. The victim is told to call a specific telephone number and provide information to “verify identity” or to
“ensure that fraud does not occur.” If the attack is carried out by telephone, caller ID spoofing can cause the
victim’s set to indicate a legitimate source, such as a bank or a government agency.
Vishing is difficult for authorities to trace, particularly when conducted using VoIP. Furthermore, like many
legitimate customer services, vishing scams are often outsourced to other countries, which may render
sovereign law enforcement powerless.
Consumers can protect themselves by suspecting any unsolicited message that suggests they are targets of
illegal activity, no matter what the medium or apparent source. Rather than calling a number given in any
unsolicited message, a consumer should directly call the institution named, using a number that is known to be
valid, to verify all recent activity and to ensure that the account information has not been tampered with.