Criminals use many avenues to access personal information and money from bank accounts, including vishing, the phone version of email phishing that uses a live voice or automated voice message to access sensitive information such as bank or credit card details says the Chief Risk Officer of the African Bank Piet Swanepoel.
The perpetrators deliberately create perfect conditions for unsuspecting victims to willingly give out personal information such as their full names, ID numbers, addresses, telephone numbers and your online banking or credit card details.
Their goal is to trick people into providing sensitive information over the phone that they can use to access your financial accounts or steal your identity.
“The word ‘vishing’ is a combination of ‘voice’ and ‘phishing’. Most people are familiar with phishing. This is the case when someone calls who claims they are from your bank, credit card company, charity, or even a debt collection company.
“Vishing criminals use a fake caller ID that can make the attack look like it came from an unknown number or an 800 number in hopes that the target person will answer the call,” Swanepoel said.
“Posing as a person or a legitimate company to scam people is not a new thing. Vishing is simply a new twist on an old routine and has been around as long as the internet. “
An example of vishing is a phone call from someone saying it is from your bank or other financial institution. They may say they are calling because there is a problem with your account or a payment from your account and ask you to transfer funds to another account to resolve the issue.
The attacker, posing as a bank clerk or service provider, uses social engineering skills to manipulate the person into divulging confidential information because they believe they are talking to a legitimate company employee.
In social engineering, fraudsters are more likely to use psychology than technology to gain access to sensitive information. It relies on belief, manipulation, or deception to induce a person to break normal security practices and best practices.
Swanepoel said this is why many people don’t even realize they are being cheated on. “Victims are often unaware that they have given the ‘helpful’ person on the phone valuable information that will be used to steal their money or personal information – or both,” he said.
The biggest red flag with vishing systems is an extreme sense of urgency to act on whatever the caller claims to be a problem – a breach of your bank account, a fraudulent transaction, or winning a prize to redeem, stressed Swanepoel.
The African Bank gives the following tips to avoid becoming a victim of vishing:
- Be aware that criminals mask phone numbers to make it appear they are calling from legitimate companies.
- Your bank will never ask you to confirm confidential information over the phone.
- Never give your personal details such as your bank profile details or debit / credit card details to a stranger on the phone.
- If you suspect the person you’re speaking to isn’t a real bank representative, drop the call and call your bank on a known number they can get from their website.
- If you see an OTP on your phone without actually making a transaction, it is likely that a scammer has used your personal information. Do not give this OTP to anyone over the phone and contact your bank immediately to inform them that you believe there has been fraudulent activity on your account.
- If asked to share your OTP, consider it a scam.
Read: Beware of These 3 South African Bank Scams