 ScottWright Group Administrator
Subject: Vishing risks - Don't call that toll-free number
Risks in the News, posted by ScottWright on Sunday, November 23rd 2008 @ 11:15 AM
On the surface, the next wave of "social engineering" threats (dirty tricks by scammers and spammers) seems to be a bit more low-tech than the Facebook trojan horse programs we've seen earlier this year. However, what looks like low-tech really isn't, and can be much more effective at stealing important information.
Anybody can be caught, so this is an important risk to learn about.
It all depends on who you trust, and how greedy you are.
What is Vishing?
Vishing is essentially any attack (via email, fax or otherwise) that tries to get you to phone a specially set up phone line designed to deceptively capture sensitive information from a caller.
For example, where spammers often try to get you to click on a link in an email, they are switching to toll-free phone numbers for anything you might want.
Why is it dangerous?
Fortunately, people are becoming wary of links and attachments in emails that could be dangerous. Nevertheless, for some reason, using the phone doesn't "seem" as dangerous to most people.
But once you've given somebody your name, birth date, and SSN or SIN, you've given them enough information to apply for credit in your name, AS IF THEY WERE YOU, and if they get it, YOU WILL PROBABLY BE LIABLE.
So, what happens if you get a fax that offers great rates on life insurance that you think are competitive, but not ridiculously low? Would you call to find out more?
There's really no harm in calling, is there? We all tend to feel a little safer because of the CAN-SPAM and "Do-Not-Call" lists. There are legal limits on what telephone solicitors can do, right? Actually, that's not much of a deterrent to scammers from "out of country".
What makes it seem even more "official" is that you often end up in an "Automated Call Direction" (ACD) system... "If you'd like great rates on life insurance, press 1... for loans, press 2..."
The "V" in Vishing Stands for VOIP
Here's where the scheme gets a little more high-tech behind the scenes. With new Voice-Over-IP phone services, anybody can get an Internet phone number that doesn't have a land-line associated with it. Calls can become very hard to trace, and what looks like an 800 number can originate or receive calls from any country in the world.
So, you may end up giving your personal financial information to a fraudster, just because of your belief that phone fraud is more under control than computer fraud.
What To Do?
- Don't call any vendor who doesn't advertise with a physically verifiable address that you can look up in a telephone directory. You don't know where they might be in the world.
- Don't give anybody your personal or business contact information by phone, fax, email, in person or on the web, and especially don't provide any sensitive information, until you can verify that they are a legitimate business that operates in your legal jurisdiction. Find out where they are based, and contact the Better Business Bureau. You can look for tip-offs by searching for the name of the service, plus the word "scam" in Google, but that's very unreliable. It's better just to ignore the offer if you can't verify the organization AND its contact information. Don't forget, they could say they are calling from "American Express" or "Visa", and give you a different phone number in a fax or email.
- If you suspect a scam, contact the police or the Better Business Bureau. Provide as much information as you can about the source and the type of information they are asking about.
- Stick with reputable local or national firms who, at least, have to deal with local laws in order to stay in business. Make sure you look up their phone number from a public directory like the phone book to reduce the risk of calling a scammer's number, even for a reputable merchant.
Just remember, that little edge you want to have over the rest of the market may be too risky to rely on. Don't let your greed overrule common sense when checking out a supplier's claims or offers.