The Latest Vishing Attack

We're all familiar with phishing attacks that attempt to fool people into giving away personal information through email scams of various types. A newer and related type of attack is "vishing", or voice phishing, in which consumers receive a telephone call asking for confidential information.

This past weekend in Snohomish County, Washington (just north of Seattle), a number of people received telephone calls supposedly from the Snohomish County Public Utility District (PUD) Credit Union. The computerized voice said to call a toll-free number -- callers to that number were then asked to enter their ATM or credit card number and personal identification number. More information on the scam is available at http://www.heraldnet.com/stories/07/03/26/100loc_b4scam001.cfm.

Vishing is potentially a far more serious problem than phishing ever will be. People who receive these calls have fewer clues about the origin of the call. At least with email phishing attempts, one can scan the source code for clues about the legitimacy of the email or recognize the same phishing attempt that comes in over and over. In a vishing attempt that is well executed, however, those clues just don't exist, making it easier for people to fall for the scam.