Back to Back Issues Page
Watch For Scams Newsletter. Vishing
September 10, 2020


Watch For Scams is dedicated to helping you avoid becoming a victim of fraud.

If you like this ezine, do a friend a big favor and forward this to them. If a friend forwarded this to you, and if you like what you read, please subscribe by visiting the link below: Subscribe Here


The term "vishing" refers to "voice phishing" scams, which have grown in popularity lately because so many people are working from home during the pandemic.

For individuals, the most likely scam attempts will be bank-related; the scammers pose as somebody from one of your financial institutions.

Credit card fraud is so common these days that we routinely have to verify some transactions. Scammers use that to their advantage. The difference is that they'll ask you for "verification" information that banks never request.

Generally, there will be noticeable language quirks because most of them are outside of the U.S.

Other common vishing scams focus on IRS payments, prizes that you've "won," law enforcement threats, or tech support scams.

A very dangerous scheme designed to thwart two-factor authentication has scammers calling you to say they are conducting a security check. They'll ask you for a code that was sent to your phone, and if you fall for it, they can take over your account.

One of the reasons vishing can be quite convincing is that they typically use spoofed caller ID numbers that look legitimate.

Latest target: Remote employees

Businesses and their employees have recently become bigger targets of the scammers. The massive shift to work from home has created the perfect environment for targeting remote workers with persuasive blended attacks.

Scammers start by researching companies through publicly available information. That helps them create a victim profile that can include name, address, position, email address, and how long they've been with the company.

The swindler's next step is to put together an official-looking website that might even include the company logo. Such sites are specifically designed to convince victims that they are working with their company's IT department.

In many cases, the scammers will tell the victim that the company is switching VPN providers and that they need to go to this new website to connect to the company network securely.

What they're doing, though, is capturing the victim's login credentials. Armed with that information, scammers can access the company network and launch a ransomware attack, which will lock down critical systems and demand a ransom.

Letting calls go to voicemail can help you identify suspicious calls because the scammer has to leave a message for you to get back to them. You can cross-reference the callback number or contact your IT department through other means (text or email) to verify the request.

If a caller claims to be from your bank, never call the number they leave on the message. You should only call the number that is on the back of your bank card.

If you believe you have been a victim of this type of scam you should promptly report it to the IC3's website at The IC3's complaint database links complaints together to refer them to the appropriate law enforcement agency for case consideration.

Remember - always watch for scams!


Back to Back Issues Page