DNA
Mumbai, Aug 12: A new kind of financial fraud has hit the market lately. It’s called ‘vishing’. And though these are still early days for such frauds, experts warn that they could become more commonplace with the growth of technology and automation.
Vishing involves an individual getting an email or a call from a number saying his bank accounts have been deactivated due to an unauthorised transaction. The email or the call also asks him to call up a phone number to get this rectified.
Falling for this trap, the individual ends up calling up the number and sharing his confidential information over the internet, landing himself in trouble and losing a huge amount of money due to his carelessness.
The customer might receive a phone call with an automated recording, often generated with a text to speech synthesiser, which is played. It informs the customer that his/her bank account or credit card has undergone a fraudulent activity and he needs to call a phone number immediately, which is mentioned on the call. The customer may also receive a MMS on his IT-enabled phone with similar information.
It can also happen through a ‘vishing email’, similar to a ‘phishing email’. Only, instead of directing him to a similar looking website URL link, which is the case with phishing, it directs him to a phone number.
When the customer calls up on the particular number and reveals all his confidential information, the fraudster at the other end, immediately logs into the customer’s account with the user ID and password given to him and steals all the money from the customer’s account.
“At a single instance, multiple calls are made to different consumers by the fraudster,” points out Srikiran Raghavan, regional sales head, RSA (the security division of EMC). He adds that though ‘vishing’ is not widespread in India, there are some cases under investigation and not yet in the public domain. “The fraudster just needs a strong bandwidth to commit this fraud,” said Raghavan.
The number that is mentioned in either of the ways, has a spoofed caller ID of the financial firm the caller pretends to represent. The whole process looks so authentic that it wins the confidence of the consumer, who follows the instructions and ends up sharing confidential data like bank account number, credit card number, security PIN number, expiration date and date of birth, etc.
According to Amuleek Bijral, country manager of RSA, the fraudster accesses a legitimate voice messaging firm with a list of phone numbers stolen from a financial institution. “They have a database from where they pick up numbers and make use of the directory to pick up numbers. There are many middlemen involved in carrying out such activities,” says Bijral.
“Banks are increasingly creating awareness among their customers about such frauds by sending e-mails and educating them. Customers have to immediately inform the bank in case of suspicious e-mails and phone calls,” says Bijral.