Iowa State University

ITInformation Technology

Beware of Telephone-Based Phishing

This news item expired December 31, 2010. It may contain out-of-date information.
Telephone-based phishing, or "vishing," is a popular method of social engineering-based fraud. One current scam involves the victim receiving an email that looks like it came from a friend or a distant relative saying they are stranded in a foreign country without money or a passport and asking the victim to wire money to them. The victim responds by calling a phone number in the email, and the person on the other end pretends to be the victim's friend or distant relative. The calls are often good enough to elicit a response and get some money; this is especially true if you have not heard the voice of your friend or distant relative for some number of years.

Another example of this type of vishing scam occurred a few years ago when someone broke into an investment company's system and used the information to try to get some money. A customer called a consultant with the investment company directly to invest money in a fund. Within the hour, he was called back by someone pretending to be a broker for that fund. The original investment consultant had not instructed anyone to call the customer and did not know how the caller received the information.

Please use caution in providing information to someone over the phone if you have not confirmed their identity. More information about vishing is available here, and tips to avoid becoming a victim of vishing scams are available here.