The latest ploy to steal your credit card number and personal information is so believable that many are falling for it.
Con artists are using the telephone in an attempt to trick you to act on an e-mail that looks like it was sent from PayPal, eBay's online payment service.
The e-mail uses the same slick come-on as many nefarious attempts to steal your personal information, warning you there was a problem with your PayPal account. But there is no link to click. Instead, users are asked to call a phone number where an automated answering machine asks for account information, mimicking the legitimate ways that customers interact with financial institutions, reports The Associated Press.
Security experts call this new scam "vishing"--short for "voice phishing."
Sometimes vishing begins with a phone call, not an e-mail. And these calls are quite believable since the caller already knows your credit card number. All you are asked to provide is the three-digit security code found on the back of the card. "It is becoming more difficult to distinguish phishing attempts from actual attempts to contact customers," Ron O'Brien, a security analyst with Sophos PLC, told AP.
Here is the valuable lesson: "If you get a telephone call where someone is asking you to provide or confirm any of your personal information, immediately hang up and call your financial institution with the number on the back of the card," Paul Henry, a vice president with Secure Computing Corp. told AP. "If it was a real issue, they can address the issue."
Words of advice:
--From the Editors at Netscape
- Never give anyone your credit card number or the three-digit security code on the back of the card unless you initiated the call. And if you're calling in response to an e-mail, that doesn't count as initiating the call!
- Never click on links in e-mails unless you know the sender and are sure the link is legitimate.
- Never give your personal information to a stranger online or over the telephone.