We continue to see more and more "Vishing" attacks mounted against unwary consumers. Attackers typically like to target large consumer bases so they focus efforts on impersonating large organizations (federal, state, or local government entities, banks, utilities, employees of large companies, etc.).
I recently read of just another such attack. In this particular attack, the attackers targeted a large utility company (DTE Energy). Metro Detroit residents were contacted by telephone by the attackers posing as representatives of DTE. In the recorded message, the attackers threatened the residents by stating that the resident's account was overdue and that services would be cut. The residents were then instructed to call a toll-free number for resolution.
The provided toll-free number was one operated by the attackers. When the residents called the number, they were instructed to supply their name, address, and social security number. Once the identity information had been harvested by the attackers, the residents were told that they had been contacted in error and the issue had been successfully resolved (no further action required on their part).
The attack was well executed. The recording was believable and convincing. The attack appeared legitimate as DTE does use an automated phone system to contact customers for billing issues but does not collect sensitive information.
It is very easy to become a victim. Identity theft wouldn't be the popular crime that it is if it didn't pay well for the attacker and was reasonably easy to execute successfully. It only requires that the target drop their guard for a moment.
If you receive phone calls like this, be suspicious and verify the source. You can visit the website of the utility company to get their phone number or use the telephone directory. Don't assume that the call is legitimate. You can confirm the veracity of the call by calling back using the phone number you obtained by using your telephone directory or visiting the company's website. A healthy dose of skepticism will go a long way.
Here at Merchants, we see a number of folks who have concluded that their personal information was at risk and didn't feel comfortable not having a safety net were they to discover that their identity had been stolen. For these good folks we offer broad spectrum consumer oriented identity theft services which include: education, prevention, detection, and remediation.
In some cases, forward-thinking companies use our business-to-business oriented services to safeguard their employees (offering them as an employee benefit) or to their customers (a customer benefit for valuable customers). In other cases, companies or other large entities approach us when they fear that information they possess relating to their customers and/or employees might have been compromised (lost, stolen, or made public).
However our customers come to us, we provide the security and peace of mind they seek. It's a risky world out there with bad actors ready to steal not only your money, but also your good name and reputation. You don't have to go it alone, Merchants can help.
No comments:
Post a Comment