Vishing is another highly sophisticated form of social engineering combined with Voice over IP (Internet Protocol) to obtain sensitive information from unexpected users. This type of attack plays on the public trust in landline telephones being terminated at physical locations; however, with the advancement of Voice over IP telephone communication, telephone numbers can be directed to any location. Caller ID can be masqueraded or spoofed to look like it is arriving from a legitimate source.
An example of a vishing scheme is when a user is called by a criminal using an automated program. When a user picks up on the line, they get a recording masquerading as their financial institution advising the user that their credit card has been fraudulently used. The recording provides a telephone number and instructions for the user on how to proceed to protect them from this fraudulent use. The user then calls this number and receives another automated response requesting credit card number information and PIN number information. This system may also attempt to obtain other sensitive information. The criminal element can now utilize this information to carry out other fraudulent activity on this credit card. The user does not expect anything since the scam appears to be legitimate.
Vishing is very hard to monitor and it is advised that consumers do not follow these types of instructions, but instead, call their financial institutions directly if they have any concerns or questions about the claimed activity on their accounts.