Consumer Alerts

E-mail and Telephone Fraud Warning

Consumers should be aware of a new scam known as “vishing”, short for “voice phishing”. Vishing is a variation on the “phishing” e-mail scams that have been used by fraudsters in recent years.  

The original phishing e-mails are crafted to look like messages from major banks or other financial service providers (sample provided below). These messages generally instruct recipients to click a link in the e-mail to confirm their personal information. The link then connects them to a bogus site that mimics the service provider’s site, where consumers are prompted to provide or verify private information, such as credit card numbers or an on-line banking password, which is then used by thieves to tap into accounts.

Vishing hooks consumers using two different approaches. The e-mail based version of the scam, like the original phishing, uses e-mails that mimic messages from an online payment service provider, such as PayPal or eBay. The messages may say that there is some problem with the recipient’s account. Instead of providing a link to a fake website, vishing e-mails provide a false customer-support telephone number. When consumers call, an automated service prompts them to “log in” by providing account numbers and passwords, using the telephone keypad.

Consumers may also receive direct calls at home, or messages left on their answering machine warning that their account may be at risk and suggesting they call customer support immediately.  Fraud artists may even try to gain consumers’ trust by “confirming” personal information they have on file, such as the clients full name, address or credit card number. 

If you receive one of these messages:

DO NOT respond to an e-mail asking you to disclose personal information, such as an online password, your debit or credit card numbers or your personal identification number (PIN).

Do NOT use the phone number provided in the e-mail or in the telephone message without first verifying that it is valid. To confirm that the phone number provided is legitimate, contact your financial institution using the phone number provided on the back of your debit or credit card, your monthly statement or a published number you have looked up yourself.

In some cases, financial institutions may contact you by phone or leave you a voicemail message if they suspect fraudulent activity on your debit or credit card or account.  As part of a legitimate conversation with your financial institution, you may be asked questions to ensure they are speaking to their client.  You will NOT, however, be asked to verbally provide your PIN or password.  Use the procedures above to make sure that the financial institution you are speaking with is legitimate.

As a general rule, always be cautious about how and with whom you share personal and financial information.

Many financial institutions have publicly committed to protecting their customers in the event of fraud. FCAC oversees public commitments made by federally regulated financial institutions. If you are the victim of fraud as the result of a phishing or vishing scam and are being held liable by a federally regulated financial insitution, or for more information on your rights and responsibilities, please contact FCAC toll-free at: 1-866-461-3222.

Sample fraudulent e-mail: