- Jan 24, 2011
- 9,379
Voice phishing – Vishing, for short – has been around for a long time and is all about using the phone and social engineering to grab the information required.
It isn’t easy to trace or shut down, and the consequences can be devastating [1], [2].
Vishing can start with an email or a text but the ultimate goal is to get you on the other end of a telephone line. From there, the scammers will go about harvesting your data by pretending to be your bank and asking for card
With that in mind, here’s a couple of messages I received today on my mobile:
“HSBC CREDIT CARD SECURITY:
Our monitoring system has detected unusual transaction on your credit card. Please call our 24-hour customer service hotline at [snip] for verification. For your security we have placed your card on temporary hold while awaiting your confirmation.”
Another one, sent shortly after the first:
“Telephone [snip] for verification. For your security we have placed your card on temporary hold while awaiting your confirmation.”
This was news to me, because I don’t have a HSBC credit card. I tried the number but it didn’t work; however, a quick dig around social networks and I found a few more examples. We called one US number seen on a Tumblr post, which was attached to the following message:
“VISA ALERT: Your debit / credit card has been temporarily disabled. Please call VISA 24hr reactivation line”
After a short wait, we were put through to an automated message which directed us to enter various pieces of information via the keys. Here’s how it went down:
It isn’t easy to trace or shut down, and the consequences can be devastating [1], [2].
Vishing can start with an email or a text but the ultimate goal is to get you on the other end of a telephone line. From there, the scammers will go about harvesting your data by pretending to be your bank and asking for card
With that in mind, here’s a couple of messages I received today on my mobile:
“HSBC CREDIT CARD SECURITY:
Our monitoring system has detected unusual transaction on your credit card. Please call our 24-hour customer service hotline at [snip] for verification. For your security we have placed your card on temporary hold while awaiting your confirmation.”
Another one, sent shortly after the first:
“Telephone [snip] for verification. For your security we have placed your card on temporary hold while awaiting your confirmation.”
This was news to me, because I don’t have a HSBC credit card. I tried the number but it didn’t work; however, a quick dig around social networks and I found a few more examples. We called one US number seen on a Tumblr post, which was attached to the following message:
“VISA ALERT: Your debit / credit card has been temporarily disabled. Please call VISA 24hr reactivation line”
After a short wait, we were put through to an automated message which directed us to enter various pieces of information via the keys. Here’s how it went down:
“Thank you for calling visa card services 24 hour card acitivation service
If you’ve received a text message alert telling you your card has been deactivated, please press 1. To continue, press 0″
Pressing zero simply looped me back to the beginning – all you can do here is press 1 to get to the next part.
If you’ve received a text message alert telling you your card has been deactivated, please press 1. To continue, press 0″
Pressing zero simply looped me back to the beginning – all you can do here is press 1 to get to the next part.
“Valued customer, due to a recent banking software upgrade reactivation is required. To reactivate, press 1.
Enter your sixteen digit card number.
Enter your card expiry date – month / year.
Enter the three digit code on the back of the card.
Enter your PIN number.”
At this point, the call simply fell silent – I’m not sure if there was supposed to be anything after that or they already had what they needed and thought eh, whatever.
Read more: https://blog.malwarebytes.org/fraud-scam/2014/10/here-vishy-vishy/
Enter your sixteen digit card number.
Enter your card expiry date – month / year.
Enter the three digit code on the back of the card.
Enter your PIN number.”
At this point, the call simply fell silent – I’m not sure if there was supposed to be anything after that or they already had what they needed and thought eh, whatever.
Read more: https://blog.malwarebytes.org/fraud-scam/2014/10/here-vishy-vishy/
