Vishing (a combination of the words Voice and Phishing) is a phone scam where fraudsters target a business by phone and try to trick you into divulging financial or security information or into making a financial transfer to them.
A fraudster will phone, claiming to be from a bank, card issuer, the Gardaí/Police or a service provider such as a telephone company, internet provider or computer company. They trick you into believing they are a legitimate representative of the organisation and that it is in your interest to give the information they ask for.
Fraudsters can try to extract information from you such as information on your computer system, debit or credit card details, PIN number, online banking details, password and business details such as name and address. This information is then used to access company bank accounts or carry out transactions with your card or steal personal customer information.
The following are some variations of vishing:
- Technical/Phone support Scam: You receive a fraudulent call from someone claiming to represent your terminal or till maintenance. They look to talk you through a procedure over the phone to “fix a problem” or “upgrade your system”.
- Courier fraud: The fraudster makes contact with you by phone, advising you that something is wrong with your card and asking for personal information in relation to the card. They then advise you that they will send a courier to collect the card.
- Number Spoofing: The criminal makes contact with you by phone. They hide the number they are really calling from and make it look like they are calling from the phone number of the genuine company.
- There have also been cases where the fraudster encourages the victim to check the validity of their identity or to make an immediate report to the Gardaí/Police. When the individual hangs up their landline, the fraudster holds the line open (by not hanging up). When the individual picks up the phone again to ring the genuine company or the Gardaí /Police they do not realise that they are still talking to the fraudster.
- Be very wary of any unsolicited phone calls. Never divulge personal or business information until you have validated that the caller is a genuine representative of the organisation they claim to represent. You can do this by following a number of steps:
- Take the caller’s number and advise them that you will call them back once you have validated their identity.
- Look up the organisation’s phone number (by using the phone book or their website) and make contact directly with them to validate.
- Do not validate the caller using the phone number they have given you (this could be a fake number)
- If the caller is genuine, they will understand and welcome your need to validate them.
- Fraudsters may already have basic information about you or your business in their possession (e.g. name, address, account details), do not assume a caller is genuine because they have these details.
- Remember that it takes two people to terminate a landline phone call, you can use a different phone line to independently check the callers identity.
- Your bank or the Gardaí /Police will never ask for the following:
- Your credit or debit card PIN number or full online banking password.
- Request you withdraw money to hand over to them or transfer money to another account, even if they say it is in your name.
- To come to your business to collect your cash, payment card or cheque book.