Vishing Scam: Four More States Struck

Five Institutions Say Customers Received Fraudulent Calls
Vishing Scam: Four More States Struck
Add four more states to the list of those whose banking customers are being struck by telephone-based phishing attacks.

Financial institutions in Michigan, Wisconsin, Minnesota and Mississippi report being hit by these "vishing" attacks in the past two weeks. Five different institutions -- three credit unions and two banks - say their customers have received vishing calls from fraudsters.

These vishing attacks follow a series of attacks that have hit institutions from coast to coast since last fall, and validate the increasing numbers of overall phishing attacks reported in the Anti Phishing Working Group's recent report, which shows an increase of targeted phishing attacks directed at financial institutions.

Vishing is a form of phishing, where instead of people receiving an email trying to lure them into giving personal information, the criminal uses a phone call, either live or automated, to attack the bank or credit union customer and get critical information.

'Ashley' From Team One Calling

The Team One Credit Union (32,000 members, $278 million assets) in Saginaw, MI had customers and non-customers calling on Jan. 22, reporting that a woman calling herself "Ashley" from Team One was alerting them to the fraudulent use of their checking account. The credit union says it doesn't know of any customers who had been duped by the call, but posted another alert on its website for its customers on Jan. 25.

Wisconsin CU Hit

Residents in the Wausau, WI area told CoVantage Credit Union, (56,000 members, $665 million assets) they had been getting phone calls from people claiming to be from the credit union or a bank. The callers claim that the person's credit card has been deactivated because of suspected fraud, and then asks for the card number and PIN to fix the problem.

Co-Vantage Credit Union says several of their members have received similar calls. The credit union put an alert on its website on Jan. 27 to warn members. The credit union has not had anyone report being taken in by the call yet.

Minnesota's TruStar FCU Vished

Several International Falls area residents have told TruStar Federal Credit Union (14,000 members, $143 million assets) that they've received automated recorded calls on their cell phones since Jan. 21, claiming to be from the credit union. Police in International Falls says that a block of telephone numbers with the 240 prefix and the 218 area code were targeted by phishing criminals.

In these calls the automated voice says there may be a problem with a credit or check card and says that the only way to deactivate the card is by entering into the telephone their account numbers.

TruStar has informed its members to ignore computer-voiced messages asking them to enter personal identification to "activate" or "confirm" their debit card or ATM cards. The computer voice has referred to the credit union variously as "TriStar," or "Trust-star," in addition to the actual name of the credit union.

Two Mississippi Banks Targeted

Two banks in the Gulfport, MS area warned residents about an automated phone call scam that could drain a person's bank accounts if they followed the caller's instructions.

The Merchants & Marine Bank of Gulfport, MS ($436 million assets) says that calls began on Jan. 25 and 26. The bank reports that customers saw the calls coming in from two different numbers in Tennessee. Police say the calls were most likely coming from a drop box that routes calls several places, making it nearly impossible to trace.

The second bank in the Gulfport area reporting similar calls was Hancock Bank ($6.8 billion in assets). The bank says its customers have reported receiving the same recorded call.


About the Author

Linda McGlasson

Linda McGlasson

Managing Editor

Linda McGlasson is a seasoned writer and editor with 20 years of experience in writing for corporations, business publications and newspapers. She has worked in the Financial Services industry for more than 12 years. Most recently Linda headed information security awareness and training and the Computer Incident Response Team for Securities Industry Automation Corporation (SIAC), a subsidiary of the NYSE Group (NYX). As part of her role she developed infosec policy, developed new awareness testing and led the company's incident response team. In the last two years she's been involved with the Financial Services Information Sharing Analysis Center (FS-ISAC), editing its quarterly member newsletter and identifying speakers for member meetings.




Around the Network