Internet Guide Logo

Vishing: a fraud to steal money and Internet banking details

Last Edit: 25/10/18

Most Internet users are probably accustomed to the term phishing -- where fraudsters send unsolicited emails to entice unsuspecting victims to pass over their banking details -- but chances are they're unaware of the term: vishing. So, what is vishing? its a similar behaviour to phishing, but instead of using emails, the fraudsters phone up their victims. With banks and credit card companies regularly phoning their customers to verify payments and warn customers about potential fraudulent use of their account, fraudsters can appear entirely plausible when they phone a customer and purport to an official from a bank or building society (typically their security or fraud squad). M&S bank has also warned that fraudsters sometimes claim to be the police or another trusted source, such as the local council.

The story given by the fraudster will, of course, vary, but the premise will be similar: that a problem has occurred that urgently requires the bank customer to hand over financial information (such as card details, login information, and pin numbers), or requires the customer to make a payment from their account to the fraudsters account for 'safekeeping' -- to solve the 'problem' the fraudster has invented. In reality, there is no problem, and if a customer does transfer funds from their account to the fraudsters account -- to solve the 'problem' -- then the bank may not provide compensation to their customer because the customer has authorised the payment. In May 2018, the BBC reported on a vishing scam that netted £1.2m in the north east of Scotland, and quoted Det Insp McPhail who said "Let me be clear that banks will never make phone calls like this asking you to move money".

Techniques that fraudsters use, and should be watched out for:

  1. Phone number spoofing: they can make the number look like the banks on caller ID.
  2. They use background noise to make it appear the fraudster is calling from a call centre.
  3. They sometimes 'hold the line', so when the caller tries to phone another number it goes back to the fraudster.

How to combat vishing:

  1. Customers should always be wary of phone calls from a bank, and should not be afraid to refuse requests for information.
  2. Fraudsters can already possess many details about bank customers (address, account number, contact details) due to identity theft and data breaches. Therefore, just because someone phoning knows details about the bank customer, it should not be assumed they are official and not a fraudster.
  3. Fraudsters will often target the elderly and retired. Elderly relatives should be warned about vishing.
  4. Customers should never give pin numbers or security details to someone who has phoned claiming to be from a bank or building society.
  5. Banks will never ask their customers to move money to another account.
  6. If customers are suspicious or unsure, then always end the call, and phone the bank on their official phone number (found on their bank statement) to verify if the bank has phoned.
  7. To combat 'holding the line' schemes, use a different phone (if possible, such as a mobile) to phone the bank to verify the bank has officially phoned.

In conclusion, bank customers should not underestimate how sophisticated fraudsters can be when using a vishing scam. It is not only the elderly who have been tricked by such schemes, businesses, law firms, charities and sports clubs have also been targeted and become a victim. Whenever a customer is contacted by a bank, or someone purporting to be from a bank, they need to automatically be suspicious, and consider seriously whether this is a scam or not. Whenever there is doubt end the phone call.