Nicknamed "vishing," the new con works in three steps, said experts at Secure Computing.
Thieves manipulate VoIP technology to program autodialers to call unsuspecting citizens with a spoofed phone numbers. The targeted recipients receive calls with an ID that indicates their bank is calling.
The automated call — similar to many banks' automated phone systems — tells the recipients that they have been the victim of fraud and instructs them to call a certain number to resolve the situation. Then the victim calls the line, operated by the thieves, and is required to enter credit card information and other details.
The end result is that these criminals end up with all they need to commit identity theft.
"Like most other social engineering exploits, vishing relies upon the 'hacking' of a common procedure that fits within the victim's comfort zone," said Paul Henry, vice president of strategic accounts for Secure Computing. "Specifically, this methodology takes advantage of what has become a normal practice for credit card users. It is a normal procedure when calling a credit card provider to be asked to enter your 16-digit credit card number before given the opportunity to speak to a credit card representative."
Henry emphasized that consumers must be just as skeptical of phone requests for information as those online.
"Common sense is the first line of protection," Henry said. "Anyone who is called by a bank should take the appropriate steps to protect their personal information and their bank account."