Yesterday, I received a vishing (i.e., voice phishing) call supposedly from one of my banks in which I have an account with:
This is a call from Chase National Bank. We’re seeing unusual activity in your account. We need to talk to you as soon as possible. Again, it’s imperative that you call us back. The number to reach us is….(not my real bank)
I’ve been receiving this type of phone calls at work for a long time, but I never bothered to dial back because (1) I know it’s a scam, and (2) I’m too busy to mess around.
But since it’s a weekend, I decided to return the call to see exactly what the scammers say to get people to hand over their money. Besides, I’m constantly looking for something interesting to write about.
Returning the scammer’s call
My persona was “Mark Sullivan,” a mild-mannered gentleman who wouldn’t hurt a fly. I’m putting him on speakerphone like I always do when calling 800 numbers.
Here’s how the conversation went (edited for length and clarity):
“Hello, Chase National Bank. How can I help you?”
The guy had a distinctively South Asian accent.
“Hi, my name is Mark Sullivan. I got a call about my account. He said it’s urgent.”
“My name is Amir Khan from Chase National Bank’s payment verification team. We automatically receive alerts about unusual transactions. I called to ask if you authorized three $600 fund transfers from your account in the last week.”
“Umm… I— I don’t think I had that many, but maybe I do,” I played along, pretending that I’m anxious.
Amir, smelling my vulnerability, worked to reel me in further:
He explained this is likely fraudulent activity, and I could quickly lose my money. But to cancel the transactions, he needed to do some routine security checks.
“Please tell me the last 4-digits of your social security number and the address associated with the account.”
Without hesitation, I gave him a random 4 digit and a fake address that I grabbed from thin air.
“For verification, please give me the PIN associated with the account.”
“Oh gosh, I forgot my PIN. Can I provide you with my online password instead??” I replied.
“Sure,” Amir quickly replied.
“Do you have a pen ready? It is…”
“G – O,”
“F – U – C – K,”
“Y – O – U – R – S – E – L – F,”
I politely replied one letter at a time.
My nine-year-old burst into laughter. It was too late when I realized that he was listening attentively in the background.
Many people still fall for this scam.
With advances in technology, scam now comes in many forms. Whether it’s vishing, phishing, or sextortion—- scammers are using scare tactics and emotional manipulation to trick people into giving up their information.
The scammer may even create a fake Caller ID profile (called ‘Caller ID spoofing’) which makes the phone numbers seem legitimate. The goal of vishing is simple: steal your money, your identity, or both.
And because they’re relatively easy to replicate, scammers can send thousands of these and many, especially the elderly, are being swindled.
How to protect yourself
Admittedly, what I did was silly. Trying that could expose you to more risks. But here’s what you can do to protect yourself, according to McAffee:
- Educate yourself: Knowledge is the key to defending yourself from vishing. The more you understand it, the better off you’ll be, so read up on vishing incidents, and if your bank provides information about vishing online or in the mail, sit up and pay attention. As this crime becomes more sophisticated, you’ll want to stay up to date.
- If you receive a phone call from a person or a recording requesting personal information, hang up. If the call purports to be coming from a trusted organization, call that entity directly to confirm their request.
- Don’t trust caller ID, which can be tampered with and offers a false sense of security.
- Call your bank and report any fraud attempts immediately. The sooner you do, the more quickly the scam will be squashed.
- Document the call, noting what was said, what information was requested, and, if possible, the phone number or area code of the caller, and report this to your bank.