How to avoid telephone scams

Criminals use phone calls, called voice phishing or “vishing,” to steal information and money. Here’s how you can avoid falling for the latest tricks.

 


Key takeaways

  • A vishing scam may start as a call from an actual person or as an automated robocall.
  • You should not trust a caller who knows some of your personal information until you can verify their identity.
  • Criminals can trick caller IDs into showing the names of real companies (caller ID spoofing) or impersonate call center professionals.

It usually comes as a phone call that sounds urgent or alarming. An unsolicited caller tells you your bank account has been compromised, and they need your PIN so they can verify your identity or unlock the account. The caller may also say they’re from a government agency, such as the IRS or the Social Security Administration. Sometimes they insist you owe money, or they might announce you’re a lucky prize winner, but you’ll need to pay for shipping and handling to claim your prize.

 

These are all examples of vishing, a term that combines “voice” and “phishing” to describe a scam that relies on either a mobile or landline phone. Phishing refers to any attempt by cybercriminals to steal money or personal information from people through deceptive practices. It can also be perpetrated through email and through text messages (known as smishing).

You should never give out personal or company information to an unsolicited caller, no matter who you think it is.

Criminals continue to use vishing techniques because they realize talking quickly and persuasively can catch many people off guard. While some of these attempts are easy to detect, others are subtle enough to fool even cautious consumers, especially when the caller makes it seem like urgent action is needed.

 

These deceptions can be so convincing because criminals can use personal information they’ve stolen from other sources to make a vishing attempt sound like an honest exchange. They also spoof phone numbers that belong to established organizations, which makes the phone number appear legitimate on your caller ID. When the caller also gives an excellent imitation of a call center professional, your defenses may be lowered.

 

It pays to be aware of the latest vishing scams, but always remember the most important rule: You should never provide personal or company information on an unsolicited call, no matter who you think it is.

Common vishing scams


Vishing calls might come from an actual person, use automated robocall technology or some combination of both. To win your trust, the caller may provide information like your address or the last four digits of your Social Security number. If you’re at work, a caller might pretend to be a trusted colleague and ask for CashPro® or Online Banking credentials.

 

In every attempt, there will be a request for more information. Here are a few general vishing categories:

 

  • Solving a problem with your account. A caller claims they’re from your bank or another organization you do business with. They explain that there’s a problem with your account access, a payment you recently made, a suspicious transaction or a refund you’re owed. To resolve the issue, the caller requests information, such as a change to existing payment instructions, your access code or account number.
  • A demand for payment. Scammers may pretend to work for government agencies, such as the IRS or the FBI, or as employees at collection agencies or other third parties. They may tell you that you owe money and must pay immediately or be fined or arrested. These scams may also include text messages from the scammer to make their request look legitimate.
  • Technical support. Unsolicited calls or voicemails with references to legitimate companies may advise you to contact a customer support number to resolve a problem with technical services or devices. Remember: Bank of America, like many businesses, will never ask you for your account details unless you call us first.
  • Enrollment scams. Some criminals pose as representatives for government programs (like the Social Security Administration or Medicare) and collect personal or financial information under the guise of helping you enroll or receive payments. Criminals have also exploited the Small Business Association’s Paycheck Protection Program to target business owners seeking loans.
  • Collecting an award or special offer. This vishing call informs the recipient that they’ve won a contest or can cash in a limited-time offer of goods or services. The caller then requests personal or payment information.
  • Spoofed phone numbers. Scammers may deliberately falsify the information transmitted to your caller ID display to disguise their identity. It will appear as if an incoming call is coming from a local number or a number from a company or a government agency you may already know and trust. If you answer, the scammers will attempt to steal your money or valuable personal information.

How to stay safe from vishing scams

There are a few simple but critical rules to remember before you answer an unsolicited call:

 

  • Don’t answer calls from numbers you don’t recognize. Bear in mind, however, that vishing scammers sometimes leave voicemails with a callback number. Do not call a number back without checking to see if it belongs to a business you know. Note that most government agencies, such as the IRS, will not call you unless they have contacted you by mail first.
  • Don’t trust caller ID numbers. Criminals are routinely spoofing legitimate numbers of established companies and services.
  • If you’re suspicious, don’t answer, or hang up before you give out any information. If you think the call might be legitimate, call back later using a number you’ve independently verified, and do not use your callback function. You should hang up on a caller who says they are with Bank of America but is not your normal contact.
  • Do not give any caller personal or company information even if they already know some of your personal information. Scammers can steal personal information from other sources or find it on the dark web and will use what they know to trick you into giving them more. The fact that a caller knows something about you or your company isn’t enough of a reason for you to trust them.
  • Remember, Bank of America, like many businesses, will never ask you for account or CashPro® details unless you call us first.
