March 29, 2007

County Executive Andy Spano today warned consumers to learn about the latest variation on identity theft.

“As savvy computer users have gotten increasingly wise to ‘phishing’ emails, scammers have developed vishing as a new way to commit identity theft,” said  Spano. “We want people to be aware of this new scam.”

“Phishing” refers to the practice by con artists of sending people unsolicited emails disguised to look like they’re from a legitimate financial institution. The emails contain a link to a bogus website. Once there, unsuspecting consumers give out personal information, including Social Security numbers, bank accounts or passwords that allow their identity to be stolen.

Now con artists are using a new scam called “vishing” — short for voice phishing —  to obtain account information from consumers. Instead of sending emails which direct people to a fake website, the scam attempts to trick people into supplying sensitive personal information via the telephone.

Gary Brown, director of Consumer Protection for Westchester, gave these two examples of how vishing works:

• You’re contacted by phone. The caller says he or she is from the security department of your credit card issuer and claims that your account has been compromised or needs updating or verification. The caller already has personal information about you, including your credit card number. That creates a false sense of security. Then the caller says, “We need to verify that you are in possession of your card,” and asks for the three-digit security code on the back of the card. Armed with that additional piece of information, the con artist can now process charges against your account – even with vendors which   require the security code.

• You get an e-mail like a traditional phishing scam. The email asks you to update your account information, but instead of being directed to click on a link and go to a Web site, you’re told to provide the information by telephone and given a number to call.  
  Vishing uses Voice-over Internet Protocol (VoIP) technology that makes Internet phone calls cheap, anonymous and difficult to trace. Additionally, VoIP allows for caller ID “spoofing,” which makes it appear that the call is actually coming from the consumer’s financial institution. However, the call could be generated from anywhere in the world.
  “Vishing is the next generation of phishing,” said Brown. “It’s an insidious scam, but one which can be avoided if consumers take the necessary precautions.”

The Department of Consumer Protection offers these tips to protect consumers from vishing:

• If you receive an unsolicited call from someone who claims to work for the security department of your bank or credit card company, hang up immediately if the caller asks you for personal information. Financial institutions don’t request identifying information over the telephone, as they already have that information on file. Call your bank or credit card company using the telephone number on the back of the card or on your billing statement and report the incident.
• To verify that a call about your account is legitimate, ask the caller to provide his or her name and department. Then call back using the number listed on the back or your credit card or on your billing statement.
• Don’t automatically trust the authenticity of a call based on caller ID. Con artists can make it appear that the call is coming from your financial institution.
• Do not comply with an e-mail that says there’s a problem with your account, or that you must update your account, and instructs you to call a telephone number and provide personal information. Instead, call your bank or credit card company using the telephone number on the back of the card or on your billing statement.
• Greet all phone calls and e-mails about your accounts with a great deal of skepticism.
• If you think you’ve been a victim of vishing, contact your financial institution and the police immediately.

For further information, contact the Department of Consumer Protection at (914) 995-2155.