Don’t say yes to vishing, beware strange callers asking “Can you hear me?” and other yes or no questions

Next time you get a phone call that begins with the caller asking “Can you hear me?” your best answer may be to hang up.

In a twist on “vishing” — scams executed by phone calls or voice mail for the same purposes as “phishing” email scams — crooks are using the “Can you hear me?” tactic and other calls designed to elicit a “yes” response. The recorded “yes” may then be paired with stolen credit card numbers or other personal information to tie victims more tightly to illicit charges.

While there have been few such incidents at Purdue, so far, it pays to be cautious, says Greg Hedrick, Purdue’s chief information security officer, particularly if an unknown caller is asking for account information.

Other vishing calls or voice mails may:

  • Claim your bank account or credit card are compromised and instruct you to call a number, where an automated system asks you to enter your account information, thus exposing it to the scammer for real.
  • Claim your computer is compromised and then direct you to a website granting them remote access to your computer so they can “fix” the problem.
  • Offer a gift or gift card worth hundreds or thousands of dollars, which you can receive by paying a small shipping and handling fee with a credit card or bank transfer.
  • Claim to be an official from Purdue (or other organizations) and tell a student, or a student’s parents, they need to charge or wire money to settle a student debt.

If you receive suspicious calls or voice mails:

  • Ask for the caller’s name or employee number and call the company back using the company's telephone number listed on billing statements or other official sources, not the number provided by the caller or caller-ID. Vishing attacks often use Voice over Internet Protocol (VoIP), which allows caller-ID to be spoofed.
  • Think twice about providing personal or financial information over the phone, especially if you did not initiate the call.
  • Make note, if someone claims you owe a debt, both state and federal laws give you certain rights, including the right to receive written verification.
  • Keep in mind that you probably aren’t going to win a prize if you did not enter a contest. If a call sounds too good to be true, it most likely is.

Remember, law enforcement agencies don’t collect fines over the phone or contact citizens for personal information relating to taxes or debt. Likewise, the Internal Revenue Service, the Center for Medicare and Medicaid Services and the Social Security Administration will not call you to update your information or give you a new card.

On your mobile phone, it also is wise to be aware of “smishing,” which exploits SMS or text messages for the same purposes as vishing and phishing.

You can file a complaint about vishing with the Federal Trade Commission and also place your personal phone number on the federal “Do Not Call” list. You can list your number on Indiana’s no-call list as well.

Students, faculty and staff who suspect that they’ve been victims of fraud may contact the Purdue police to make a report about campus incidents or their local police for off-campus incidents.

For more information on cybersecurity at Purdue visit the SecurePurdue website.

Writer: Information Technology at Purdue (ITaP) Communications, 765-494-8167, gkline@purdue.edu

Last updated: January 31, 2017

Purdue University, 610 Purdue Mall, West Lafayette, IN 47907, (765) 494-4600

© 2015 Purdue University | An equal access/equal opportunity university | Copyright Complaints | Maintained by ITaP

Trouble with this page? Disability-related accessibility issue? Please contact ITaP at itap@purdue.edu.