Vicious Vishing

 In 2020, Tip of the Week

Safety Compliance Management, Inc.

‘Twas the holiday season, when all through the land,
Online shoppers clicked quickly to get gifts in hand.

But while they were adding treats and toys to their carts, A holiday scammer was practicing his art.


That clever verse was part of a poem written by Monica Glover of the FBI. It is part of a podcast recorded on “Inside the FBI” recently to provide information about holiday scams. This holiday season more of us are doing online shopping, some of which may be putting our credit cards at a higher risk than usual. The podcast, linked here, provides the following guidance to keep your credit cards safer:

  • Know the website and seller. Scammers can create pseudo websites that look legitimate but are not. Look for reviews from reputable sources. And double check the web address. If it does not have https in the address, click out of the site as fast as you can.
  • Be very wary if someone asks you to pay for an item with a gift card and give them thecorresponding pin number. A scammer will take the funds from the gift card and you won’t get what you paid for. It is rare that someone experiencing this type of fraud will get their money back.
  • Check your credit card statements early and often. Make sure all the purchases on the statement are ones you made.
  • Get tracking numbers for all your purchases. Make sure what you ordered goes to the right place.


Vishing is a type of fraud that has become unfortunately popular with scammers. A vishing attempt is similar to a phishing attempt, except that it is received by phone, text, or email. A common example is the message from your bank saying that your email, password or some other detail of your account has been compromised, and you must follow this link to correct it. Except that link goes to the scammer, not to your bank, and you are asked to give the scammer security information for your account.

The FBI has a few recommendations if you find yourself as part of a vishing attempt:

  • Be suspicious of phone calls, emails or texts from unknown individuals claiming to be part oflegitimate organization. The Social Security Administration, Veterans Affairs, and similar groups will not call if there is a problem with your account. If you think the call may be legitimate, get thecaller’s information and contact the company to verify the caller’s identity within the company.
  • Document the phone number of the caller as well as the domain that the caller tried to send you to. Give this information to law enforcement.
  • Limit the amount of personal information you post on social media. Social media sites are mining fields for scammers to gather information.

These types of cyberattacks don’t just happen at home. They also happen at work. Scammers are able to convince employees to share one-time passwords (OTP) or keys with them, sometimes by using fake login sites. Or they pressure employees into sharing security bypasses to get into a company network. Some guidelines for businesses include:

  • Review your OTP system, make improvements when and where necessary.
  • Restrict Virtual Private Networks (VPN) to managed device connections. Only allow access to VPNs during certain hours, when scammers would be unlikely to be working.
  • Employ domain monitoring to track creation of or changes to corporate brand-name domains.
  • Use the principle of “least privilege” and implement software restrictions policies.

Other antifraud and cyberattack information is linked below.

In all cases always report cyberattacks to local law enforcement, your credit card fraud department, and to theFBI’s Internet Crime Complaint Center at

Recent Posts
Contact Us

Please send us an email and we'll get back to you as soon as possible.

Not readable? Change text. captcha txt

Start typing and press Enter to search