Reported to the Nebraska Credit Union League, by Darrin Englemann at Omaha Police Federal Credit Union, 3003 S. 82nd Ave., Omaha, NE, 68124, Phone Number 402-391-4040.
Credit union members are being targeted by a scam aimed at tricking them into revealing their debit and credit card information. Members are reporting that they receive official-sounding text messages that supposedly come from their credit union. The texts inform the recipients that "Your debit card (or credit card) has been deactivated." They are then asked to provide their debit or credit card number, PIN and expiration date. Specifically the scam on Tuesday, November 16th , reported by Omaha Police FCU read, “FCU ALERT: Your CARD starting with 4115 has been DEACTIVATED. Please call 402-210-2280.”
The messages appear to be blanketing the region at random. Consumers are urged to be extremely cautious of any message or e-mail that requests credit or debit card information, or any other sensitive personal information. These contacts often are scams perpetuated by people looking to commit identity theft. Financial institutions never request information in this way.
What is a vishing scam?
A vishing scam is the latest scam that careful consumers, and essentially anyone who possesses a credit card and cell phone needs to know about in order to avoid getting scammed. In particular, the vishing scam is a way to elicit either banking or credit card information from someone, which may then be used against the person. Vishing scam operatives want access to this information so they can gain access to credit cards or bank accounts and clean people out.
The typical vishing scam makes use of voice over Internet protocol (VoIP), which allows people to talk over their computer lines, and can allow for multiple dialings of numbers at the same time. Scammers may work from a list of regional phone numbers or even from a phone book, but what they mainly do is call everyone they can and leave an automated message saying the person's credit card or account has been compromised, depleted or closed. When this process is done by email, it's called phishing, instead of vishing.
People who are left a message are given instructions to call a number to get more information about this alleged compromise. Scammers often use toll free numbers for this purpose and may even have, for people with caller ID, the legitimate name of the company that is supposedly calling. When people call the number, they're instructed to dial in their credit card number or bank account number, and even sometimes information like personal identification numbers (PINs), or their social security number. Once this information is obtained, callers may speak to a person posing as a "representative" or they may never get to a representative, and are placed on hold. Meanwhile, the damage is done and the scammers may then use information to steal money or credit card numbers.
Essentially, it's pretty easy to avoid a vishing scam or one conducted by email, and now commonly through text messaging on cell phones. Instead of calling the number listed, locate your financial institution account telephone number or your credit card phone number and call that number instead. If you're being vished, a financial institution or credit card company can tell you this immediately by letting you know that there has been no illegal activity on your account or any security compromise of your account. These scams can seem very real though, because they often contain warnings about not divulging your personal information, which may make a potential target feel the company calling, texting or emailing is protecting his/her interests.
The main thing to remember is to never call the number listed on any potential vishing scam calls. This will not take you to your bank or credit card company, and if you give out your information you're likely to have it stolen. People are naturally worried if they hear the security of one of their accounts may have been compromised, but it will only take a few minutes to find the legitimate number of the "supposed" business that is calling you. You can also do your part by making sure that the bank or company is aware you've been vished.