You better watch out, vishing phones scams on the rise with the holidays

Just like Santa, scammers are making their lists and checking them twice. But instead of getting gifts, people fooled give up personal information.

In a recent article by the Journal & Courier, a Lafayette woman was scammed out of $9,600 after a man posing as her grandson requested she buy gift cards in large sums. Also reported: an uptick of scammers calling and posing as the IRS.

Using a phone call or voice mail to con someone into giving up their personal information is known as vishing. This method can be more persuasive than all-too-common phishing emails, but it uses the same techniques: requesting personal information, pressing for immediate action, promising something too good to be true.

Some examples of vishing calls or voice mails:

• Claim your bank account or credit card are compromised and instruct you to call a number, where an automated system asks you to enter your account information, thus exposing it to the scammer for real.
• Claim your computer is compromised and they’re calling to help, then direct you to a website granting them remote access so they can fix the problem.
• Offer you a gift or gift card with a value of hundreds or thousands of dollars, which you can receive by paying a small shipping and handling fee with a credit card or bank transfer.
• Claim to be an official from Purdue (or other organizations) and tell a student, or a student’s parents, they need to charge or wire money to settle a student debt, or to provide some personal information.

Greg Hedrick, Purdue’s chief information security officer, says vishing scams have been reported on Purdue’s West Lafayette campus and it’s important to scrutinize anyone asking for account information.

“We've had some folks receive odd phone calls on their office telephones from an unknown person asking how their printers are doing and claiming that a recent toner order had been canceled,” Hedrick says. “The person on the phone offered to send them toner and 'invoice us like normal,' and then they send invoices for ridiculous prices.”

If you receive suspicious calls or voice mails:

• Ask for the caller’s name or employee number and call the company back using the company's telephone number listed on billing statements or other official sources, not the number provided by the caller or caller-ID. Vishing attacks often use Voice over Internet Protocol (VoIP), which allows caller-ID to be spoofed easily.
• Think twice about providing personal or financial information over the phone, especially if you did not initiate the call.
• Make note, if someone claims you owe a debt, both state and federal laws give you certain rights, including the right to receive written verification.
• Keep in mind that you probably aren’t going to win a prize if you did not enter a contest. If a call sounds too good to be true, it most likely is.
• Remember, law enforcement agencies don’t collect fines over the phone, nor would law enforcement contact citizens by telephone and ask for personal information relating to taxes or debt. Likewise, the IRS, the Center for Medicare and Medicaid Services, and the Social Security Administration will not call you to update your information or give you a new card.

On your mobile phone, it also is wise to be aware of smishing, which exploits SMS or text messages for the same purposes as vishing and phishing.

You can file a complaint about vishing with the Federal Trade Commission and also place your personal phone number on the federal “Do Not Call” list. You can list your number on Indiana’s no-call list as well.

Students, faculty and staff may contact Purdue Police at 49-48221 to make a report if they suspect that their accounts have been compromised.

For more information on cybersecurity at Purdue visit the SecurePurdue website.

Writer: Kirsten Gibson, technology writer, Information Technology at Purdue (ITaP), 765-494-8190, gibson33@purdue.edu.

Last updated: Dec. 7, 2017