Identity Theft Phishing, Pharming and Vishing


Many consumers are now familiar with the Internet scam known as “phishing”. This is a spam message that contains a link to what appears to be a legitimate business, such as your bank, but it is actually a fake website. The email often states that you must update your account information through a bogus link to a scammer’s website and the user, unknowingly, gives out personal information to the fake website. Educating consumers about this type of scam has helped many people avoid becoming victims.


Much like the now familiar “phishing” scam, “vishing” scams attempt to trick targets into divulging personal information such as credit card, bank account and social security numbers using new telephone technology. Typically, “vishing” targets will receive a phone call from what appears to be a legitimate business, such as their bank or credit card issuer, wherein a recorded message notifies the target that their account has been compromised. The target is then directed to a 1-800 number where an automated system requests that the caller enter their account or credit card number or even their social security number to secure their account. However, by entering this information, the victim enables the thief to clear the victim?s bank account, run up large credit balances or even open new accounts under the victim’s identity.

Caller ID systems often provide little or no protection against this scam. Using readily available Voice over Internet Protocol phone numbers, which allow individuals to make phone calls using the internet rather than the traditional telephone infrastructure, the scammer is able to disguise both incoming and return phone numbers as those of legitimate business entities. They show up on your caller ID as that of the financial institution the scammer purports to represent, when in reality the VoIP number could be anywhere in the world. This scam is especially disarming because it uses a more familiar medium, the telephone, to more closely mimic the ways in which we typically interact with our financial institutions.


The latest evolution in Internet scamming is “pharming”. Through the use of a virus or similar technique, your browser is hijacked without your knowledge. You type a legitimate website into the address bar of a browser and the virus redirects you to a fake site. Although you entered the website address in the browser yourself and the website appears identical to the site you are accustomed to doing business with, you have actually been redirected to a different site. You enter in your identifying information, such as bank passwords and credit card numbers, and unknowingly submit it to someone who is out to steal your identity.

In this scheme, since you typed in the URL yourself and the website has the same appearance as it usually does, it is unlikely that you will know you were redirected to a different website.