What’s vishing? How to spot the latest phone scams

« Return to Learn

Anyone with an email account has probably been the target of a phishing scam at some point. That’s when someone pretends to be from a reputable organization to trick you into disclosing personal information. The goal: to steal your identity or money.

Email isn’t the only vehicle for phishing scams. Identity thieves can also use texts, direct-chat messages and even voice calls to press you for financial details, such as account numbers or passwords. Voice phishing, or vishing, has gotten easier with voice over internet protocol (VoIP) technology, which allows scammers to place hundreds of phone calls at a time and spoof your caller ID to make the call appear to come from a trusted source—such as your financial institution.

According to the FBI’s Internet Crime Complaint Center, phishing crimes cost victims more than $54 million in 2020 alone, with more than 240,000 complaints nationwide. Your security matters and we’re here to help protect you. We connected with Matt Wilson, OCCU’s VP of Risk and Administration, to learn more and share with you how to recognize and protect yourself from these scams.


Common vishing scams

Phone calls account for about three out of every four fraud complaints reported to the Federal Trade Commission. Vishing scams typically have three things in common: they mimic a trusted source, they have a sense of urgency (a penalty you’ll have to pay or a great deal you’ll miss if you don’t act immediately), and they want you to divulge specific information or take a specific action.

Vishing scams also tend to center around common themes, which can help make them easier to spot. For example:

“Your credit card or bank account has been compromised.”

Posing as a representative from your financial institution, the caller informs you that there’s a problem with your account or with a payment you recently made. They may ask for your login credentials to correct the issue—or instruct you to make a new payment on the spot.

If you’re an OCCU member, these types of calls can be convincing because we do contact our members by phone for various services. Since your financial security is a top priority of us, we absolutely support you taking whatever measures are necessary to ensure the call is legitimate before giving us your information. For example, “it is always ok to hang-up the call and dial us back directly and ask to be connected to the caller,” says OCCU Leadership team member Matthew Wilson, VP of Risk and Administration. “It’s a simple thing to do to help validate that you don’t have an imposter calling you.”

“There’s something wrong with your tax return.”

Scammers often pose as reps from government agencies such as the IRS, Medicare or Social Security reps to glean sensitive financial information, particularly from older adults. They may make threats to scare you into giving them what they want. Then they use the information to steal your money or use your federal benefits.

It’s important to know that government agencies will never call you about a problem with your accounts. “They just don’t do that,” Wilson says. If a caller claims to be from the IRS or Social Security Administration, “it’s a high probability the caller is a fraudster.”

“There’s a problem with your computer.”

You’ve probably seen pop-up ads warning that your computer is at risk. Clicking these ads often installs malware on your computer, allowing scammers to track your activity and access your passwords. The vishing equivalent of this scam is a call from someone claiming to be from Microsoft, Apple or another major technology company. They may offer to help you install software to correct the problem—usually malware.

Like government agencies, big technology companies will never call you about a problem with your computer or account. However, if you do fall for this scam, keep in mind that simply changing your passwords isn’t enough to protect you.

“If you were convinced and allowed access to your personal computer equipment, don’t change your password from the same machine,” Wilson says. “There’s a significant probability that the fraudsters have placed malware on the machine that is tracking your activity and they’ll be able to see what you’ve changed your password to and just keep making updates to their own systems.”


What to do if you’ve been scammed

If you realize you’ve been the target of a vishing scam, report it immediately. First, contact your financial institution and ask about canceling fraudulent transactions and blocking future charges.

“If you are concerned that you’ve fallen victim to a social engineer using vishing methods, don’t be embarrassed!” Wilson says. “Get on the phone with your financial institutions and let them know so that we can all assist in monitoring your accounts for fraudulent transactions.”

Next, you may want to consider freezing your credit reports and notifying the Internet Crime Complaint Center (IC3), he adds.

If you discover you have accidentally given financial information to a scammer, OCCU is here to help. We’ll work with you to minimize damages and help you recover from identity theft so you can get back to business as usual.