LEXINGTON, Ky. — Voice phishing, or vishing, is a phishing scam made over the phone, and University of Kentucky Information Technology Services (ITS) is warning the campus community about this form of phone fraud.
A skilled visher will have already obtained the basic information on their victim such as name, address, phone number and possibly bank details.
Vishers need the victims to be frightened and to respond with urgency. Often, they will “spoof” a phone number in order to have it appear to be coming from a legitimate area code, creating a sense of legitimacy.
A successful visher, relies on the potential victim oversharing on social media.
For example, some students may post their resumes with all their accomplishments and honors, including the prestigious scholarship they’ve won, on a social media site designed for business. They feel this is an easy method to get their resumes out and into the hands of many more hiring officials. However, it is also a way for a visher to gain the information needed to run a scam.
Common vishing scams will use this information to prey on students, claiming there is a warrant for their arrest because they have not reported certain scholarships on their taxes correctly. The conversation is made more believable because the caller has the students’ GPA and other personal information from the posted resumes. A student may be informed that if they pay the tax amount plus the late penalty everything will be alright. Conveniently, the victim is told, they can pay with gift cards. The visher provides instructions to purchase iTunes gift cards and the victim is told where to mail them.
Common vishing scams also involve trying to obtain PIN numbers, Social Security numbers, credit card security codes, passwords, and other personal details. All this information can be used for identity fraud or to steal money directly from bank accounts.
Basic steps you can take to protect yourself:
- Never call the number given to you or displayed on your Caller ID (unless you already know the number). Take the time to look up the correct number.
- Secure your social media, and do not overshare on it.
- Never give out any personal information. A legitimate company will never ask you for your Social Security Number, national ID numbers, or credit card PINs.
- Ask questions. If someone is trying to sell you something or asking for your personal or financial information, ask them to identify who they work for, and then check them out to see if they are legitimate.
- When in doubt, hang up!
If you use Microsoft Outlook and receive one of these or similar phishing emails, please click on the “Report Message” button in the top right corner of the message window. You can also create a new email message addressed to [email protected] – then, attach the questionable email to inform ITS that a malicious email is circulating.
For phishing tips, follow ITS on Twitter: @ITS_UKY.