• Home
  • Products & Services
  • Membership
  • Apply Online
  • Convenience Services
Fraud & Security Resources


Vishing

To understand "Vishing", you must first be familiar with the terms "VoIP" and "Phishing."

VoIP(Voice over IP) is a telecommunications breakthrough enabling telephone calls over the Internet or internal corporate networks.

Phishing: Phishing is an attempt to illegally gather personal information, such as usernames, passwords or credit card details, by acting as a legitimate and trustworthy entity through internet communication. This offense is normally performed through email or instant messaging, and typically directs users to enter their data onto a website.

The word "Vishing" is a combination of VoIP and Phishing, and marries an older form of communication (telephone) with modern technology (VoIP and internet communication). Vishing uses the telephone rather than a link in an email to obtain private, personal, and financial information. Attacks can originate as an email or a telephone call, the strategy of each is basically the same. The recipient is directed to call a phone number they believe is affiliated with their financial institution or a company with whom they do business. The phone number dialed belongs to the perpetrator's VoIP phone, which is programmed to recognize key strokes or phone tones. Typically, the recipient will hear a message asking them to enter their account number via the phone keypad to verify their identity. Victims can unknowingly divulge any of the following: 

  • Social Security numbers 
  • Account numbers
  • Personal identification numbers (PINs) 
  • Credit card numbers, expiration dates, and card security codes 
  • Birthdays
Due to wide use of these types of data entry methods by financial institutions, most people are comfortable and feel secure entering their information on a touch-tone telephone. Because vishing utilizes VoIP, it is very difficult for authorities to monitor and trace. VoIP provides the ability to mask identity, location, or phone number (spoof caller ID), and provides inexpensive automated systems and anonymity for the person behind the operation. In addition, VoIP providers allow customers to select any area code and prefix, making it easy for a perpetrator to use a local number. Victims who call the "local" number have no idea their call is being routed to a distant location via the Internet.

Voice recognition technologies have also reached an advanced level and are relatively inexpensive to acquire. Sophisticated vishers are not merely restricted to numeric data and can steal additional information details such as names and addresses via these additional technologies.

Be aware and use common sense: 

  • You should also be skeptical of anyone contacting you and attempting to gain your private banking or personal information.
  • If you receive an email directing you to call a specified telephone number, disregard it and contact the financial institution directly with a number you know is valid, such as the one from your account statement or telephone book.
  • Educating others can be very helpful. Let your friends and neighbors know what you have learned about vishing and other security related matters and caution them to be on guard for these types of attacks.
What To Do If You Are A Victim Of Vishing

If you think you are a victim of vishing, contact your financial institution immediately and notify them of the issue. Additionally, you should consider contacting the Internet Crime Complaint Center (IC3) immediately at http://www.ic3.gov/complaint. The IC3 serves as a vehicle to receive, develop, and refer criminal complaints regarding the rapidly expanding arena of cyber crime.

NCUA Equal Housing Lender
blank