Category Archives: Vishing

Police Impersonation Scam (OR: You Can’t Post Bail with Gift Cards)

Here’s a scenario based on a recent article I read:

  1. The telephone rings. The caller ID displays a 204 area code. You answer it.
  2. The caller introduces himself as Officer Scott Davidson from the Brooke Police Department.
  3. The caller claims that a relative has been arrested and needs $2,000 to post bail.
  4. The caller instructs you to purchase gift cards and relay the numbers to him over the phone.

At what point would you begin to think, “Something’s weird about this?”

If you’ve memorized every area code in the world for some reason, or happen to have some weirdly specific purpose for recognizing the 204 area code (it’s in Canada), that might have been enough. But that’s probably not most people.

If you’ve heard of the Grandparent Scam, you might recognize the pattern: an alleged police officer calling to request money to bail out a relative.

The point at which the call really goes off the reality rails, however, is when the caller tells you to buy gift cards and relay the numbers. Remember this (repeat it out loud, write it on all your telephones in Sharpie marker, whatever you need to do): you can’t post bail with gift cards.

Also: police don’t call demanding payment over the phone.

Also also: never trust a stranger asking you to buy gift cards and relay the numbers, or wire money.

Source: Police: Phone scam involves officer impersonator

Vishing attack using REGIONAL Federal Credit Union

Phishing, vishing and SMiShing perpetrators usually go for the larger, national retail banks (Chase, Fifth Third, etc.). Their reasoning is that these banks have millions of customers, so if you send out ten million emails, half a million of those people will actually be customers of whatever bank you’ve chosen to impersonate (and several thousand will actually fall for it).

Sometimes they go for the smaller financial institutions, though. Just over the past few days, people have reported receiving calls that claim to come from REGIONAL. Hey, that’s us!

These calls attempt to trick victims into entering their debit card numbers on the phone’s keypad. Since we’ve received several reports from people who tell us they just hung up, I take it as a good sign that many of our members aren’t being fooled, but as I’ve said before: nobody is invulnerable. Even a jaded, cynical scam blogger can be tricked, given the right (or wrong, I suppose) circumstances.

This is one of those cases where asking, “Who initiated contact?” is your best friend. Your phone rang and someone asked you to reveal personal information. That’s your cue to hang up the telephone. No financial institution has any reason to call you and ask for information that they gave to you in the first place.

Gone Vishin’

It’s 9:30 at night when the phone rings.

The Caller ID displays “Card Services” and a toll-free number.

You pick up the phone, and an automated voice informs you that “your card has been compromised.” It gives you a phone number to call to take care of the issue. The phone number is the same number on the Caller ID display.

Now…what should you do?

If you answered, “hang up and ignore the call,” you’re right.

Currently, there is a move towards integrating older technologies with the Internet. Eventually, I believe these technologies will be fully integrated; your television signal, Internet connection and telephone service will all be traveling along the exact same lines as part of the same service. These different technologies will also become more “seamless” over time—there will be less of a distinct divide between how you use your TV and your computer, and between the content you will receive from both. Okay, you’ll probably still use your phone to call Mom, but the signal will be digital, and it will be traveling through the Internet.

However, there is a downside, at least for the time being: vishing. Using Internet telephone services (Voice over Internet Protocol, or VoIP), criminals are able to spoof Caller ID information, to make a phone call appear to be from a trusted entity such as a financial institution or credit card issuer.

Let’s face it, you’re more likely to believe a call from “Card Services” than you are a “Blocked Call” or “Unknown Caller.” And that’s the basis of how Vishing works.

What happens if you call the number as instructed? You will be instructed to enter your credit or debit card number, expiration date, PIN and other security information. This is pretty much everything a crook needs to use your card for fraudulent purposes. They might also attempt to get your personal information, such as date of birth or Social Security number—basically, everything they would need to commit identity theft.