August 7, 2008

Calling Scam Hits Locally / Known As Vishing, Scheme Tricks People into Giving Personal Data Over Phone

A new scam intent on stealing personal information is gaining popularity. The scheme, called vishing, has recently targeted people in Richmond's 804 area code.

"The number of people who are making complaints about this type of crime is on the rise," said Cathy Milhoan, spokeswoman for the FBI's cyber division.

But vishing is so new that most people aren't aware that it is taking place.

Vishing can occur in three ways: automated phone calls, text messages or e-mails. In each method, people are warned of deactivated or frozen bank or credit card accounts or of possible fraudulent activity. All are given phone numbers to call.

But the fake calls or e-mails are an attempt to get unsuspecting people to give up passwords, credit-card numbers and other personal information.

Vishing is cousin to phishing, which attempts to get people to give out information online. Vishing - the V stands for voice - happens over the phone.

Vishing attempts have hit locally. In mid-July, fraudsters began posing as officials from the Chesterfield Federal Credit Union.

The scam started with automated phone calls and then migrated to e-mails - all supposedly coming from the credit union. People were given a phone number to call and were asked to provide personal information.

In some cases, the number was toll free. In others, the connection went to Iowa and Oregon. Both members and nonmembers were contacted.

"We will never send e-mails or call people asking them to respond with personal information," said Chris J. Miller, the credit union's marketing manager.

Miller this week received 15 to 20 e-mails from consumers asking about the fake notes, but it does not appear anyone has fallen prey to the scam.

In the credit union e-mail sent in the vishing attempt, the message was topped with the institution's logo. But there was some funny wording - for example, the use of "legit," rather than "legitimate."

Bad grammar and misspellings are one thing to look out for, experts say. The reason is because several phishing and vishing attempts have been traced overseas and require translation, said Craig Butterworth, spokesman for the National White Collar Crime Center in Richmond.

This scam works because the phone is considered safe.

"The idea that you can trust a number you are calling has changed significantly just recently," said Tom Cross, computer security investigator for IBM Global Technology Service.

Phone service can be provided over the Internet, which makes it harder to trace activity.

Vishing alerts in January and June were issued by the Internet Crime Complaint Center, a joint partnership between the crime center and the FBI.

There are no hard numbers to show how many vishing victims there are. One reason is that the crime is relatively new and people don't often know what crime they are a victim of, the FBI's Milhoan said.

The Chesterfield Police Department got involved in the credit union case when an officer received one of the automated calls. The officer called the number thinking it was fake and provided bogus information when asked to leave his name, Social Security and credit- card numbers, a spokesman said.

The schemes

Phishing and vishing are attempts to steal your personal information.

Phishing: A fake e-mail, which appears to come from a legitimate business, directs people to a Web site, where they will be asked to provide personal information such as passwords and bank account numbers. The Web site appears legitimate but is a fake.

Vishing: Similar to phishing, but in this case the intended victims receive an automated phone call, text message or e-mail directing them to call a phone number. Usually, the caller will be greeted with a phone message asking for personal information.

Check your credit: The three credit check and rating firms - Experian, TransUnion and Equifax - each must supply free credit checks once per year. To continually protect yourself, check one every four months.

SOURCES: Internet Crime Complaint Center, Federal Bureau of Investigation, ClearPoint Financial Solutions

Vishing scam hits Chesterfield credit union

This latest identity-theft scheme is similiar to phishing, but instead of going to a Web site, it instructs people to call a phone number, where they will be prompted to provide personal information. Some things to watch for:

"Dear Customer"

The credit union has members, not customers. "Customer" would never be used.

"[[email protected]]" is real, but [email protected] and [email protected] do not exist.

"Union regret to"

Should be "regrets." Many phishing scams originate overseas. As a result, grammar is not always correct.

"Fraudulent pages that looked legit."

Watch for slang.

"(503) 922-2829"

Local company would not give a long-distance number to call.

"Copyright 2008 - Chesterfield Federal Credit Union, All rights reserved"

Deliberately misleading copyright.

Contact Emily C. Dooley at (804) 649-6016 or [email protected]


Originally published by C. DOOLEY; Times-Dispatch Staff Writer.

(c) 2008 Richmond Times - Dispatch. Provided by ProQuest Information and Learning. All rights Reserved.