How to avoid telephone scams

It usually comes as a phone call that sounds urgent or alarming. An unsolicited caller tells you your bank account has been compromised and that they need your PIN so they can verify your identity or unlock the account. Or they say they’re from a government agency, such as the IRS or the Social Security Administration. Sometimes they insist you owe money. Or they might announce you’re a lucky winner — but you’ll need to pay for shipping and handling to claim your prize.

These are all examples of “vishing,” a term that combines “voice” and “phishing” to describe a scam that relies on either a mobile or landline phone. Phishing refers to any attempt by cyber criminals to steal money or personal information from people through deceptive practices. It can also be perpetrated through email and short message or texting systems (known as “smishing”).

Criminals continue to use vishing techniques because they realize that talking quickly and persuasively can catch many people off guard. While some of these attempts are easy to detect, others are subtle enough to fool even cautious consumers, especially when the caller makes it seem like urgent action is needed.

One of the reasons these deceptions can be so convincing is that criminals can use personal information they’ve harvested from other sources to make a vishing attempt sound like an honest exchange. They also spoof phone numbers that belong to established organizations, which makes them appear legitimate on your caller ID. And they may lower your defenses with excellent imitations of call center professionals.

It pays to be aware of the latest vishing scams, but always remember the most important rule: You should never provide personal or company information on an unsolicited call, no matter who you think it is.

Vishing calls might come from an actual person or use automated robocall technology or some combination of both. The caller may know nothing about you, or they may provide information such as your address or even the last four digits of your Social Security number to win your trust. If you’re at work, a caller might pretend to be a trusted colleague and ask for CashPro® or Online Banking credentials.

In every attempt, there will be a request for more information. Here are a few general vishing categories:

• Solving a problem with your account. A caller, purportedly from your bank or another organization you do business with, explains that there’s a problem with your account access, a payment you recently made, suspicious transactions or perhaps a refund you’re owed. The caller requests information, such as a change to existing payment instructions, your access code or account number, to resolve the issue.
• A demand for payment. Scammers may pretend to work for government agencies, such as the IRS or the FBI, or as employees at collection agencies or other third parties. They may tell you that you owe money and must pay immediately or be fined or even arrested. These scams may also include text messages from the scammer to make their request look legitimate.
• Technical support. Unsolicited calls or voicemails, which refer to legitimate companies, may advise you to use a phone number to contact a customer support number to resolve a problem with technical services or devices. Remember that Bank of America, like many businesses, will never ask you for your account details unless you call us first.
• Enrollment scams. Some criminals pose as representatives for government programs, such as the Social Security Administration or Medicare, and collect personal or financial information under the guise of helping you enroll or receive payments. Criminals have also exploited the Small Business Association’s Paycheck Protection Program to target business owners seeking loans.
• Collecting an award or special offer. An old scam that is frequently recycled, this vishing call informs the recipient that they’ve won a contest or can cash in a limited-time offer of goods or services. Personal or payment information is then requested.

There are a few simple but critical rules to remember before you answer an unsolicited call:

• Don’t answer calls from numbers you don’t recognize. Bear in mind, however, that vishing scammers sometimes leave voicemails with a callback number. Do not call a number back without checking to see if it belongs to a business you know. Note that most government agencies, such as the IRS, will not call you unless they have contacted you by mail first.
  
• Be wary of caller ID numbers. Criminals are routinely spoofing legitimate numbers of established companies and services.
  
• If you are suspicious, even if you recognize the caller’s organization, hang up before you give out any information or do not answer. If you think the call might be legitimate, call back a number you’ve verified independently — do not use your callback function. For instance, you should hang up on a caller who says they are with Bank of America but is not your normal contact.
• Do not give any caller personal or company Information, even if they know some of your personal information already. Scammers can steal personal information from other sources or find it on the dark web and will use what they know to trick you into giving them more. The fact that a caller knows something about you or your company is not enough of a reason for you to trust them.
• Remember that Bank of America, like many businesses, will never ask you for account or CashPro® details unless you call us first.