Legal, Regulatory, and Privacy Issues

Thieves go ‘vishing’ for credit card info over the phone

As more consumers have become wary of responding to unsolicited e-mails requesting credit card account information and other personal data, thieves have started to move from phishing to use of a new scheme, known as “vishing.”

Compare Low Interest Credit CardsWith phishing, Internet scammers created fake e-mails that seemed to be from legitimate sources, such as a bank, credit card issuer or reputable online merchant, asking their intended victims to click on a Web link and then provide personal information for one reason or another.  In vishing (short for voice phishing), thieves are making use of the telephone for the same goal of tricking you into providing credit card data, Social Security numbers and more.

Using the telephone to trick consumers into giving away financial and personal information is nothing new for thieves.  But what makes vishing a new phenomenon is the way criminals are getting a hand from current technology.

Vishing makes use of Voice over Internet Protocol, or VoIP, the technology that lets callers reach out and touch someone in a way that is both cheap and anonymous.  Unfortunately, unscrupulous VoIP callers may be reaching out just to snatch your credit card information.

And they may be tricking your caller ID into showing fake information to help themselves do it, since VoIP and Internet-based telephony services make it easier for callers to hide their identity and location.

In vishing schemes, thieves make use of VoIP accounts which can be easily and anonymously obtained.  Often, thieves take one of two approaches.  In the first, you may receive a seemingly-legitimate e-mail that asks you to dial a phone number which is answered by an automated service requesting your account information.  The number you are asked to call may even contain a local area code.

The second vishing approach involves you getting a call from a credit card issuer, bank or another source that would potentially have reason to need your financial information.  The thief may already know you credit card number, which it makes the call seem more authentic, and may only ask for the three-digit security code on the reverse side of your credit card.

Some of these calls involve having an automatic dialer phone victims and play a recording that warns of fraudulent credit card activity.  The targeted consumer may be asked to call a number to confirm personal information.  In a recent vishing scheme, an e-mail asked consumers to call an 800 number, where they were prompted by a recording to enter bank information via their touch-tone phone.

Regardless of the approach, thieves who gain hold of your credit card information can then use it for identity theft purposes.  To avoid falling victim to such a scam, immediately hang up on anyone who claims to be from a bank and calls looking for your credit card information.  Banks should already have your financial information in their records.

Then, you can use the number on the back of your credit card to phone the credit card company.  If the original call was legitimate, they will be able to discuss any issues or problems at that time.

What’s up next?

In Legal, Regulatory, and Privacy Issues

No-swipe credit cards could let thieves swipe your info

Two UMass computer scientists demonstrated how easy it could be for credit card thieves to grab information from no-swipe credit cards that employ RFID technology.

Published: March 23, 2007

See more stories
Credit Card Rate Report Updated: June 19th, 2019
Cash Back

Questions or comments?

Contact us

Editorial corrections policies

Learn more

Join the Discussion

We encourage an active and insightful conversation among our users. Please help us keep our community civil and respectful. For your safety, do not disclose confidential or personal information such as bank account numbers or social security numbers. Anything you post may be disclosed, published, transmitted or reused.

The editorial content on is not sponsored by any bank or credit card issuer. The journalists in the editorial department are separate from the company’s business operations. The comments posted below are not provided, reviewed or approved by any company mentioned in our editorial content. Additionally, any companies mentioned in the content do not assume responsibility to ensure that all posts and/or questions are answered.