Credit Card Guide
Follow Us  twitter facebook You Tube Google+
Credit Cards > Credit Card News > In the News > Credit Card Vishing Attacks On the Rise


Credit Card Vishing Attacks On the Rise

By Eva Norlyk Smith, Ph.D.
May 22, 2009
email print comment

Credit card fraud is rampant these days. Every day it seems like fraudsters come up with new approaches to get their hands on your credit card number. Stealing wallets with credit cards is way too last century; these days, fraudsters have much more elegant ways to relieve you of your credit card information.

Unbeknownst to you, while you pump gas, your credit card information may be skimmed off by a small device attached to the gas pumps. Store clerks or restaurant cashiers similarly can use a small handheld device to download your credit card information off the magnetic strip on your card. Dumpster divers can dig up old receipts or credit card statements; and then, of course, there are those fraudulent phishing e-mails trying to install spyware on your computer or deceive you into divulging sensitive information.

One of the newest scams is a so-called vishing attack, which is often used in combination with credit card skimming or phishing emails. Short for voice phishing, vishing scams use Voice over Internet Protocol (VoIP) phones to trick people to give out their personal information. According to the FBI’s Internet Crime Complaint Center (IC3), the vishing attacks are increasing at “an alarming rate.”

In a recent scam targeting Visa and MasterCard holders, fraudsters call victims whose credit card number they already have. The scammer explains that the cardholder’s account has been flagged for fraudulent activity, and alarms the cardholder by making reference to a bogus charge from an unknown company. The scammer then promises to take care of the issue, but explains that he first needs to verify that the cardholder is still in possession of the card. He then asks the cardholder for important card details that are not skimmed off with the credit card information, such as the person’s address and the 3-digit security code on the back of the card.

Also known as CVC2 codes, the 3-digit security codes imprinted on the signature panel of MasterCard and Visa credit cards serve an important security purpose. They are not encoded in the magnetic stripe of the card, and therefore not picked up by card skimming devices or by scammers who get their hands on a copy of your credit card statement. The CVC2 code is required for most credit card transactions where the physical card is not present, so the security code is vital for fraudsters to use the credit card.

In other instances, fraudsters use a two-prong approach, combining phishing with vishing. They send out a blast phishing e-mail, disguised to appear as if it’s from a well-known financial institution, on-line payment service, or auction service like eBay. The email reports a “security” problem with the account and asks receivers to call a telephone number to update and verify their account. When victims call the number, typically an automated voice prompts them to enter sensitive information, like their credit card account number, passwords, PIN number, credit card expiration date, or other personal information for the purposes of “account verification.” In some cases, the phone may even be answered by an “employee” who asks them for certain account details to “verify” that they are the account holder.

Vishing is an instance of so-called “social engineering” crime. It exploits people’s trust in authorities and in landline telephone services, which, unlike email, are not typically compromised. Add to that the scare tactics used to trick cardholders into believing that their credit card is being used for fraudulent charges, and it’s no wonder that many people get hooked.

What can you do to protect yourself? Like in the case of credit card fraud from phishing emails, knowing what to look for is half the battle. Here are four steps to avoid falling victim to vishing attacks:

  • Be just as suspicious of phone calls as you are of emails, even if they appear to come from your credit card company.
  • Don’t ever get scared or intimidated to give out personal information like your credit card number, bank account information on the phone.
  • If you receive a phone call that’s even the least bit suspicious, hang up. Then contact your bank or credit card company directly to verify the validity of the phone call and report the matter.
  • Don’t trust a phone number just because it displays your local area code or the number of your financial institution. VoIP enables thieves to create false caller IDs, which make them look like calls from a legitimate company.

If you suspect you have received a vishing call, help fight credit card vishing by filing a complaint at the FBI’s Internet Complaint Center.




Govt. Watchdog Zeroes in on Debt Collectors - Consumers hounded by sometimes-threatening debt collection calls could soon get some relief. The Consumer Financial Protection Bureau will be keeping a closer eye on debt collectors starting next year

Banks Sound Off On New Complaints Database - If you want to complain about your credit card, a new government website will let you make that complaint public. That's a win for consumers -- but is it fair to banks?

Do Overdraft Protection Programs Prey on the Poor? - The Consumer Financial Protection Bureau (CFPB) is launching an investigation into banks' overdraft protection programs and fees



  If you are commenting using a Facebook account, your profile information may be displayed with your comment depending on your privacy settings. By leaving the ‘Post to Facebook’ box selected, your comment will be published to your Facebook profile in addition to the space below.

Our editorial content is not sponsored by any bank or credit card issuer. The comments posted below are not provided, reviewed or approved by any company mentioned in our editorial content. Additionally, any companies mentioned in the content do not assume responsibility to ensure that all posts and/or questions are answered.

Comments Closed


Secure SSL Technology
Secure SSL
Twitter Facebook You Tube Google+
About Us Privacy Policy Editorial Team Terms of Use
Contact Us California Privacy Rights Media Relations Site Map

Close X