MAIN Your Money Phishing - Vishing

Phishing - Vishing
How Consumers Can Prevent Identity Theft

More than ever, consumers need to be wary of scams, and to be careful to whom they provide personal information.

Fraudsters have recently introduced a new twist on the "phishing" e-mail, with a scam known as "vishing" - which is short for "voice phishing".

A phishing e-mail is a fraudulent e-mail sent, supposedly, by a "bank" or another "financial institution".

At first glance, this type of e-mail message may seem legitimate, since it usually contains a familiar-looking logo, or a link to a Web site that appears to be that of a financial institution.

The e-mail asks you to provide, or to verify, personal information such as a credit card number, or a password for accessing your banking account, on the pretext that a "security breach" has occurred, or that you need to respond to "keep your account active".

The vishing scam hooks consumers in two ways: by e-mail and by voicemail. As with the phishing scam, the customer receives an e-mail message that imitates the type of messages sent by on-line payment service providers such as PayPal, eBay or your bank.

However, instead of providing a link to a fictitious Web site, the vishing e-mail gives consumers a false Customer Support telephone number to call. When you call this number, an automated service prompts you to "log in" by keying in your account number and password, on the telephone keypad.

The second type of vishing scam is the vishing phone call, where consumers receive a direct call at home, or a voicemail message, warning them that their account is at risk, and suggesting they call Customer Support immediately. Fraud artists may even try to gain your trust by "confirming" the personal information on you that they have on file, such as your full name, your address or your credit card number.

Don't get hooked!

One very important thing you should know is that financial institutions never request sensitive information from customers, or confidential information on their bank account, by e-mail. So, no matter how urgent or convincing the e-mail message may be, do not give out any personal information.

What should you do if you receive a phishing or vishing message?

If you do receive this kind of e-mail or telephone call, the Financial Consumer Agency of Canada (FCAC) suggests that you take the following steps:

1. Do not respond to the e-mail and never give out any personal information, such as your on-line password, or your debit or credit card number, or personal identification number (PIN).

2. Do not use the phone number provided in the e-mail or in the telephone message, without first making sure that it's valid. To confirm that this phone number is valid, contact your financial institution by using the phone number that is on the back of your debit or credit card, or on your monthly statement, or that you, yourself, have verified in a phone listing.

3. In some cases, financial institutions really will contact you by phone or leave you a voicemail message. This can happen if they suspect that you have been a victim of fraud. Your financial institution may also ask you for additional information, to make sure they are actually speaking to their client. You will not, however, be asked to provide your PIN or password over the phone.

4. As a general rule, always be careful about how and with whom you share personal or financial information.

What if you are already a victim of fraud?

If you are a victim of debit or credit card fraud and are being held liable for a fraudulent transaction - or to obtain more information on your rights and responsibilities as a consumer - contact FCAC toll-free at: 1-866-461-3222 or visit FCAC's Web site at www.fcac.gc.ca. FCAC is a federal government agency that protects consumers' rights and gives them information about financial products and services.

.More Web resources to Internet Scams:

• Internet ScamBusters
• fraud.org