Several sources are reporting a spike in automatic telephone calls warning folks about fraud on their credit card and bank accounts. The robocalls direct customers to call a phone number to “verify” their account information. These voice phishing attacks, sometimes called “vishing,” aren’t new but I figured it’s worth a warning.
The Thurston County Sheriff’s Office reports that cons have spoofed calls from Evergreen Direct Credit Union and Our Community Credit Union. The message states that a customer’s “debit card has been deactivated due to a billing error.” It then prompts cardholders to enter their 16 digit debit card number and PIN. If a customer falls for this, they hear that their account is now "activated." Meanwhile, cons in Spain are pilfering their dough.
A Washington Post blogger writes, “It may be hard to imagine how many people actually fall for these scams, but you might be surprised.”
In March 2008, he wrote about a complex vishing attack that targeted customers of multiple credit unions. In this case, customers received a text message instead of a robocall. In just a few weeks, the “phishers sent millions of text messages, and records from that server show that roughly 4,400 people called the fake bank phone number as directed. Out of those, 125 people entered their full credit/debit card number, expiration and PIN.”