Attorney General Rob McKenna: Today’s high-tech cons have become efficient at using the Internet to trick unsuspecting consumers into divulging personal information that can be used to steal your money or your identity. “Vishing” (abbreviated from voice-mail phishing) uses Internet-based phone systems to convince people to share credit card numbers and is the latest identity theft ploy.

Scammers use Voice over Internet Protocol (VoIP), a technology that allows people to make calls using an Internet connection instead of a regular phone line. The con’s automated phone message or e-mail lures victims into dialing a fake (800) number. A recorded voice then prompts them to confirm an account number, such as a credit card number, using the phone’s touch pad.

Vishing evolved from “phishing,” in which identity thieves send e-mails that appear to come from businesses you may have accounts with, such as a bank, online auction site or Internet service provider.  The messages usually say that you need to validate your account information and contain links to look-alike Web sites. The sites then instruct consumers to “re-enter” their credit card numbers, Social Security numbers, bank PINs, or other personal information.

Similar messages can be used in vishing fraud, except that consumers are told to call a number instead of click on a Web site.

Other times, victims receive a phone call that appears to come from a legitimate financial institution. Cons use computer technology to dial random phone numbers, then play a recorded message to anyone who answers. The message warns that a person’s credit card has been used fraudulently and the card holder to enter their account number, as well as the security code found on the back of the card.

To make the call seem more legitimate, cons use technology that makes it appear that they are calling from a local financial institution.

Here’s how not to be taken by “vishing:”

• Never respond to a cold call requesting personal information. Likewise, don’t reply to e-mails that ask for personal information and don’t click on links in e-mails or pop-ups. Creditors, government agencies and companies you do business already have your personal information and will not contact you to verify it.
• If you receive a message indicating that your account has been compromised, do not simply call the number you’re provided. Instead, contact your financial institution directly using the phone number on your credit card and ask to speak to someone in the fraud department.
• Don’t trust caller ID. Spoofing caller ID is easy with Internet-based technology that allows people to appear they are calling from any number they choose.

Consumers may be less skeptical of a phone call than an e-mail. The Attorney General’s Office hasn’t received any reports of vishing victims in Washington, but it’s likely someone has fallen prey to the scheme and not reported it to our office. Help protect your friends and family by educating them about vishing and other forms of fraud.