What Is Vishing?
Vishing—or voice phishing—is the use of fraudulent phone calls to trick people into giving money or revealing personal information. It's a new name for an old problem—telephone scams. Vishing frequently involves a criminal pretending to represent a trusted institution, company, or government agency. You may be asked to buy an extended warranty, offered a "free" vacation, told your computer is infected and you need anti-virus software, or asked to donate to charity.
Learn to Catch a Vish
Scammers or "vishers" often offer exaggerated or fake prizes, products, or services. They then ask for your credit card number or other personal information to get you to pay for associated fees or more. Watch out for:
- Offers from companies you do not do business with and/or have not heard of.
- An announcement that you have won a prize in a contest you did not enter.
- Promises of unrealistic returns for your money.
- Pressure to make immediate decisions to give the caller what they want, which may include:
- Money
- Financial account information
- Personal information
- Organizational information, including names and contact information of coworkers at the university
- Threats of consequences—such as fines or penalties—if you don't provide money or information.
- Unprofessional, hostile, or even obscene language.
- Unsolicited calls offering to help you with debt, unpaid taxes, or previous cases of fraud.
Learn more about these and other signs of a scam at Federal Trade Commission (FTC): Phone Scams.
Protect Yourself from Voice Phishing
- If a caller claims to be from an institution you do business with, such as your bank, and they ask for personal information (account numbers, Social Security numbers, and so on), hang up, find that institution's phone number, and call them. If the call you received was fraud, report it!
- If a caller claims to be from a tech support company (often a well-known company or one with which you do business) and says they need to fix a security alert or a problem with your computer or bank account using remote desktop software (a client application that allows a “client” computer to connect to a “host” computer from a remote location), hang up.
- Do not pay fees for prizes or rewards offered by phone.
- The IRS will never ask you for debit or credit card numbers by phone or demand immediate payments using specific methods, such as prepaid gift cards, debit cards, or wire transfers. The IRS will generally contact you first via U.S. Mail.
- Do not send money or give out personal information (such as credit card numbers and expiration dates, bank account numbers, dates of birth, or Social Security numbers) in response to unsolicited phone calls from unfamiliar companies or unknown persons.
- Don't trust caller ID. Phone numbers and caller identities can be faked. There have been reports of forged phone numbers from U-M, government offices, and other businesses and institutions.
- Add your phone number to the National Do Not Call Registry to reduce unwanted sales calls.
- Find out what to do about unwanted calls, emails, and text messages at FTC: Unwanted Calls, Emails, and Texts.
- See these Safe Computing pages about specific scams:
Report Phone Scams/Vishing
- Calls to or from U-M phone numbers. You can report these to the U-M Division of Public Safety & Security. See Nuisance/Malicious Telephone Call Guidelines.
- Other calls. You can report phone scams, identity theft, and more to the FTC.