A new spin on an old trick could lead to individuals providing valuable, confidential information to phishers.
Phishing e-mails — fraudulent e-mails that request confidential information — continue to plague the online world. Traditionally, a fake Web site is created that looks similar to a bank or a financial institution’s site. Individuals are prompted to go to this fake site and provide their personal information. Thieves then take this information and hack into those individuals’ accounts.
The latest phishing trend, however, doesn’t involve a fake Web site. Individuals are now being called, or sent an e-mail requesting they call a phone number, to verify personal information to an account that may or may not exist. New Voice over Internet Protocol (VoIP) allows phishers to set up an automated phone system that collects the personal information.
Here’s how it works:
1. Individuals receive an e-mail requesting they verify their personal information by calling their financial institution. A fake number is provided in the e-mail. Individuals could also receive an automated telephone call requesting personal information.
2. Once the individual calls the fake number or responds to the call, they are prompted by an automated phone system to enter their personal information for verification. An actual person pretending to be a financial institution employee could also answer the phone and ask you for your information.
3. If the numbers are entered or verified, the transaction is complete. The thief now has the information needed to hack into the customer’s account.
Tips to help prevent an automated phone system phishing attack:
* Be suspicious — if you receive an e-mail from a financial institution that you do not do business with, consider this a red flag. It’s quite possible that the e-mail is from a phisher. These thieves send out “harvest” e-mails in the hope that you respond because you use the financial institution described in the fake message.
* Be cautious — e-mails requesting financial information by phone should be viewed with caution. Most banks and credit card companies will never initiate a telephone call or an e-mail asking for your personal information.
* Don’t provide your personal information — this is the best way to protect yourself against fraud. Never give out your personal information over the phone. If someone is requesting your information, you should contact the institution that supposedly wants this information. Contact them through a phone number that you know to be legitimate.
* Keep an eye on your finances — watch accounts and other financial statements for unfamiliar activity. Credit card charges, withdrawals or new accounts opened without your knowledge are red flags. Contact your financial institution immediately if you see unfamiliar account activity.