Recognizing Phishing, Vishing, and SMiShing Scams
Each scam is described in detail below to help you and your customers identify the fraud types in order to take preventive measures. A critical element to defeating these attacks is cardholder education.
Fraudsters are continually looking for new ways using current technology to obtain your customers' personal banking information. The following are the types of scams fraudsters use to obtain this information:
Phishing refers to e-mails sent to your cardholders by fraudsters known as "phishers." This fraud is designed to trick cardholders into providing personal banking information. Phishers attempt fraudulent transactions when they have the basic personal identity or account information that a cardholder provided to them via a fraudulent e-mail. Never respond to any e-mail message that asks you to confirm or validate personal or account information, no matter how legitimate the e-mail appears.
Vishing is a combination of the words "voice" and "phishing" and is similar to phishing, but with the use of voice or telephone services instead of e-mail. Vishing scams occur when a fraudster known as a "visher" poses as someone wanting personal information from the cardholder, such as PINs or passwords. There have been reports of vishers leaving voice messages requesting a call back to a toll-free telephone number where the victim can provide his or her personal information. The voice message may identify a specific local financial institution and indicate that personal bank accounts have been frozen. The message advises the person to immediately provide his or her ATM or debit card number, expiration date, and PIN to reactivate the account.
SMiShing is a combination of the words "mobile telephone" and "phishing." Make your cardholders aware that if they use their mobile telephones for online purchases and banking needs, they may be more vulnerable to SMiShing scams. Fraudsters may call someone's mobile telephone or leave a message asking for personal information, such as PINs or passwords, or ask the person they are contacting to provide personal information to verify a purchase. It is especially important to note that using the mobile telephone keypad or keyboard to type personal information may provide fraudsters with the ability to record the information given to them.