How to recognize a vishing scam and protect yourself from attack

The phone rings and a recording says you owe the IRS back taxes and have to share your credit card number to settle the balance. Or it’s the bank, warning you that your account has been compromised.

These are just two examples of “vishing,” or voice phishing, a popular scam that can take place over a mobile phone or landline. The perpetrator will often pretend to be from a recognizable company or government agency and ask for your credit card, bank account info, Social Security number or other sensitive data.

These attacks are particularly effective because the scammers sound authoritative and urgent. In 2022, victims of vishing scams reported median losses of $1,400, according to the Federal Trade Commission (FTC).

Below, CNBC Select explains how to identify, avoid and recover from vishing attacks…

Dr. Anders Apgar was out for dinner last month with his family, and his phone would not stop buzzing. It looked like a robocall, so he tried to ignore it.

But the calls would not stop. Then his wife’s phone also started to ring.

“When she picks it up, a banner came across, a notification that says, ‘Your account’s in jeopardy,’” he said.

The warning, which he said was a text message, prompted him to pick up his phone. That was when the couple’s nightmare started.

It’s the kind of nightmare many crypto account holders around the country are facing as hackers target a boom in the industry, cybersecurity experts said.

The Apgars, who are both Maryland-based obstetricians, began investing in cryptocurrency several years ago. By December, their account had grown to about $106,000, mainly held in bitcoin. Like millions of investors across the country, their account is with Coinbase, the country’s largest cryptocurrency platform.

When Apgar picked up the phone, a female voice said, “Hello, welcome to Coinbase security prevention line. We have detected unauthorized activity due to failed log-in attempt on your account. This was requested from a Canada IP address. If this (is) not you, please press 1, to complete precautions recovering your account.” The call lasted just 19 seconds.

Nearly 1 in 3 Americans say they’ve fallen victim to a phone scam in the past year, like the ones where someone calls pretending to be from the IRS or from a company inquiring about an expiring warranty on your vehicle.

That’s according to a new report from Truecaller that finds roughly 59.4 million Americans have lost money to phone scams over the past year. About 19% fell victim more than once, according to the report, which was undertaken in partnership with The Harris Poll in March 2021.https://datawrapper.dwcdn.net/P9AOf/2/

Not only is the number of victims on the rise, the expense of these scams is also up. The average reported loss was about $502 per person, the highest amount on record since Truecaller began tracking this data in 2014 and up significantly from the average loss of $351 reported in 2020. 

“It’s very disappointing to me, and alarming that people are getting convinced to send criminals money,” says Clayton LiaBraaten, senior advisory board member at Truecaller. Yet it’s not surprising, he adds, considering how convincing scammers can be. “These criminals are incredibly clever in the way that they manipulate people.” 

Fraudsters are very good at what they do; they understand all of the technology, all of the loopholes and all of the gaps to get into the networks, as well as the psychosocial approach to intimidating people and getting them to pay, LiaBratten says.

Truecaller found that younger Americans are more susceptible to phone scams. And across generations, about 59.4% of men reported being scammed, compared to just 38.3% of women.https://datawrapper.dwcdn.net/WRHNo/1/

Americans will likely see a short-term dip in scam calls over the summer, in part because the Federal Communications Commission is requiring providers to implement caller ID authentication technology by June 30, 2021. LiaBraaten says this will help mitigate spoofing, but it’s not a silver bullet. 

Every time regulators or businesses find a new anti-fraud solution, put in a firewall or develop some sort of new anti-malware software, the criminals find a way to get around it. “They’re not going to give up,” LiaBraaten says.

Yet there are ways that consumers can make it more difficult for scammers to successfully scam money from them. 

Let unknown calls go to voicemail 

Most experts recommend that consumers avoid picking up any calls from unfamiliar phone numbers. Instead, let them roll into voicemail for further scrutiny. “If somebody doesn’t leave a voicemail, then it obviously wasn’t that important,” LiaBraaten says. 

Although the FCC’s new requirement will make it more difficult for scammers to use spoofing technology to impersonate government agencies and legitimate businesses, consumers should still be on guard. 

Additionally, LiaBraaten says Americans should be leery about picking up the phone for out-of-area calls. If someone is calling you from Lexington, Kentucky, or Boise, Idaho, and you have no relationships to people or businesses there, the simplest solution is to let the call go to voicemail. 

Block and report spam calls

If you do suspect a call is spam, block it, LiaBraaten says. You can manually block a call on your phone or download a robocall-blocking app. 

Most mobile service providers have free software or apps that allow you to screen or block automated calls. Some, like Verizon, have software that automatically blocks some of the worst robocalls throughout their network, while others have separate options that consumers can install. 

If a caller didn’t leave a voicemail and you have no idea who it was, you can use a number lookup to see if it’s attributed to any business that you might be affiliated with. If not, block it. Some apps allow you to also report the number so that they can warn other users. Additionally, you can report unwanted calls through the national Do Not Call Registry.

Limit how you give your number out

Be careful where and how you give out your number. There are a lot of ways scammers can get their hands on your phone number, but you don’t want to make it any easier for them, LiaBraaten says.

Do you really need to include it on websites or social media accounts? Do you need to give it out to retailers when they ask at checkout? 

“This is high enough at $500 a pop that people should be treating their phone numbers like they treat their bank account numbers,” LiaBraaten says.

President Joe Biden’s executive order comes as Colonial Pipeline continues to grapple with a crippling ransomware attack.

WASHINGTON —  President Joe Biden signed an executive order Wednesday aimed at strengthening U.S. cybersecurity defenses, a move that follows a series of sweeping cyberattacks on private companies and federal government networks over the past year.

The action comes as Colonial Pipeline continues to grapple with a crippling ransomware attack, which has led to widespread fuel shortages along the East Coast and prompted an all-of-government response.

The Colonial Pipeline hack is only the latest example of criminal groups or state actors exploiting U.S. cyber vulnerabilities. Last year, software from the IT company SolarWinds was breached, allowing hackers to gain access to communications and data in several government agencies.WATCH NOWVIDEO01:13Top U.S. and Russian diplomats speak following pipeline hack

The president’s executive order calls for the federal government and private sector to partner to confront “persistent and increasingly sophisticated malicious cyber campaigns” that threaten U.S. security.

Biden’s executive order takes a number of steps aimed at modernizing the nation’s cybersecurity:

News of the president’s action came about an hour after Colonial announced it had restarted pipeline operations — though it will be days before fuel deliveries return to normal, the company said in a press release.

“Colonial will move as much gasoline, diesel, and jet fuel as is safely possible and will continue to do so until markets return to normal,” said the statement, which also thanked the Biden administration “for their leadership and collaboration.”

At the White House earlier Wednesday afternoon, President Joe Biden hinted his administration would soon have “good news” to share about its efforts to address the attack on Colonial.

The White House said Tuesday it was directing a “comprehensive federal response” aimed at restoring and securing U.S. energy supply chains in response to the incident.

On May 7, Colonial Pipeline paused its operations and notified federal agencies that it had fallen victim to a ransomware attack.

The assault, carried out by the criminal cyber group known as DarkSide, forced the company to shut down approximately 5,500 miles of pipeline, leading to a disruption of nearly half of the East Coast’s fuel supply.

July 5, 2019

The Federal Trade Commission announced last week a crackdown on robocallers, giving one of the clearest pictures yet of the people and organizations behind the avalanche of nuisance phone calls to consumers.

The actions are important because they draw the connection between robocalls, which may seem like mere annoyances, to the fraudulent organizations or illegal mass-calling schemes behind them.

“We have a strong robocalling enforcement program, which is meant to protect wider consumers from abuse and abusive calls,” said Ian Barlow, program coordinator for the FTC’s Do Not Call program…

February 26, 2019

The Federal Communications Commission, as part of a crackdown on the billions of unsolicited robocalls every year, is warning phone providers to implement technology to stop the scammers or face new government rules, FCC Chairman Ajit Pai said Tuesday

“Recently I told the industry, ‘Look, we need to adopt call authentication, essentially a digital fingerprint, for every single phone call this year. We need to have it now or otherwise it’s going to be regulatory intervention,’” Pai told CNBC’s Jon Fortt, in a“Squawk Box” interview from the Mobile World Congress trade show in Barcelona, Spain.

Hiya, a startup aiming to reduce telemarketing calls, estimates that Americans got 26.3 billion robocalls last year, a 46 percent increase from 2017. The average U.S. consumer received 10 spam calls per month last year, Hiya’s Robocall Radar report shows…

January 29, 2019

The phone rings and you run to pick it up, only to hear an automated recording. You are not alone.

There are approximately 5 billion robocalls made every month, according to robocall blocking app, YouMail. That number has been consistent, but the context of those calls changes. The most recent scam? Robocallers were trying to cash in on the recent partial federal government shutdown.

“The robocallers are marketers. You can think of them as marketers in the wrong business,” said Alex Quilici, CEO of YouMail. “They are always testing different ways to get people to respond to their calls.”…

January 4, 2019

It’s not your imagination. You are getting bombarded with robocalls.

Robocalling, a practice where marketers send automated voice messages to thousands of phones at once, surged 60 percent in the U.S. last year to 48 billion calls, according to preliminary year-end data from YouMail, a robocall management company that tracks the volume of calls.

“Scam calls have been increasing very steadily, and it’s driving people to not answer their phone,” said YouMail CEO Alex Quilici. “It’s driving people to not answer their phone and it’s kind of created this death spiral of phone calls as the robocallers ramp up their efforts, and the legitimate roboccalls try harder to get through…”

July 30, 2018

The recent bust of a large fraud and money laundering conspiracy highlights one key takeaway for you: Be wary of who is on the other end of your phone line — particularly if they claim to be the IRS.

The Department of Justice announced that 24 defendants have been sentenced in connection with a multimillion dollar fraud scheme in what Attorney General Jeff Sessions called the “first-ever large scale, multi-jurisdiction prosecution targeting the India call-center scam industry.”

June 12, 2018

Rebecca Schulte, 24, was at her apartment in West Hollywood, California, when she received a call from a familiar area code. She picked up.

“I’m on the side of the road, there’s been a really bad car accident,” a man said. He told her he’d found her number in the injured man’s phone.

Rebecca knew her father had been driving, and in a panic she asked if it was him: “Is it Brian?”

“Is your name Brian?” she could hear the man ask…

June 6, 2018

If you’ve picked up the phone only to hear the start of an automatic recording, you’re not alone. Roughly 16.3 billion of these calls have been placed just in the first five months of 2018, according to the YouMail Robocall Index.

In May, Americans received about 4.1 billion robocalls. That’s over 12 calls per person, according to YouMail, a company that, in addition to compiling the database, also offers solutions to the problem. And the number of calls keeps growing. In fact, over the past year, the number of robocalls has almost doubled.

June 25, 2017

The phone rings, pauses, and then a recording on the line says: “Hello! This is Rachel at cardholder services,” or “This is an important notice about your automobile.”

If you’re like many Americans, you have probably received a robocall just like these, which have become a scourge for consumers despite increasing efforts to stop them. In May, there were 2.6 billion robocalls, or automatically dialed calls, in the U.S. That amounts to over eight calls a person, according to YouMail, an app designed to stop the pesky calls…