1. What is Vishing? Please explain the modus operandi.

    Vishing (also known as Voice phishing) is a form of phishing attack in which the attacker (Visher) calls a bank customer (Victim), claims to represent the bank and lures the victim to provide personal banking details like Customer ID, password, Credit Card Number, ATM PIN, OTP, CVV or other sensitive information by creating a sense of urgency in the victim’s mind. The phone call can be a recorded message enticing users to respond.

    Modus Operandi:

    • Voice call can either be real-time or recorded.
    • In case of a recorded call, if answered by the potential victim, the recorded voice message is played to warn the victim that malicious activity has been performed on his/her account and personal bank account details are needed for verification purposes.
    • Once the victim provides these details, the Visher may use them for fraudulent transactions.
  2. How does it impact customers?

    The stolen sensitive information can be used by the attacker for conducting unauthorized fraudulent activities on the victim’s banking account. Such attacks can break the trust between the customer and the bank, ultimately resulting in tarnishing the bank’s reputation.

  3. What should a customer do if he or she has fallen prey to Vishing? 

    If you suspect that you have been a victim of Vishing, follow the steps mentioned below:

    • Immediately change the password, ATM PIN, Phone Banking PIN, secret questions/answers that you have shared over the fraudulent call. Verify if any unauthorized transaction has been carried out recently. If yes, then immediately contact your branch or get in touch with the bank through the phone banking number provided on the debit/credit card or bank/credit card statement; or published on the official website only, and let the bank know the details of the suspected incident.
    • Document call details like conversation between the customer and Visher, the phone number, information shared with the Visher etc. for further investigation.
    • Contact your local police and lodge a complaint.
  4. How are Banks ensuring security against Vishing? 

    Banks should educate all customers and employees about Vishing and set out the guidelines to be followed by them in case of such incidents.

  5. What should customers be careful about?

    Listed below are some simple steps which help you to avoid compromising your details to Vishing.

    • Do not share sensitive information over a phone call with anybody, even if he/she claims to be from the bank. Banks will never ask for your password, customer id, credit/debit card PIN, CVV, DOB, account details, net & mobile banking passwords or any other confidential information through phone calls or in any other way. In case of any suspicion, contact the bank immediately.
    • Don't call a number sent in a voicemail or text message. Validate the phone number through the official bank website or your bank card, and not by using web search engines like Google, Yahoo, Bing, etc.
    • Review your account statements on a regular basis to be sure all transactions were made by you.
    • Ensure that your preferred email-id or mobile number is registered with the bank for receiving transaction alerts sent by the bank. If you find your registered mobile number is inactive or if you are unable to make any call, contact your telecom service provider immediately to understand the reason.
    • Immediately call up phone banking or check your account online through net banking for any unusual transactions or beneficiaries added to your account.