In the News


Scam Alert -Vishing

Broadcast on NBC

MEREDITH VIEIRA, co-host: Today we wrap up our series, SCAM ALERT: IDENTITY THEFT, with the art of vishing with a V. Bad guys will try anything to steal your most personal information. One of the scams you have to watch out for begins when your phone starts ringing. NBC's Kevin Tibbles can explain.

Mr. JIM STICKLEY (TraceSecurity): This is Jim Stickley calling from Numerica Credit Union regarding your primary account. When you receive this message, could you please give us a call back?

KEVIN TIBBLES reporting: Jim Stickley isn't from Numerica Credit Union, and there's nothing wrong with these people's accounts. Jim and his company, Trace Security, are testing a common identity theft scam called vishing.

Mr. STICKLEY: You leave them a message, tell them you're calling from a financial institution. Recently, we were working with their account, and we found an anomaly, and we need you to call us back to work this thing out. Call us at our 800 number.

TIBBLES: That 800 number doesn't go to a financial institution, it forwards to Jim's cell phone.

Mr. STICKLEY: People seem to believe that if I'm calling an 800 number, it must be something legitimate. In reality, you can get an 800 number for 10 bucks a month. Once they call us back, we're going to go through the whole scenario, pretending that we're making them validate who they are.

TIBBLES: Scammers first need only your phone number and the name of your bank or credit card company. They can find that information out pretty easily. To the bad guy, a dumpster isn't just a garbage can, it's a potential treasure trove of information. Something as simple as a discarded post-it note with a phone number scribbled on it is just like gold.

Jim showed us by going to a financial institution we won't name, and inspecting their dumpster, finding very promising leads.

Mr. STICKLEY: Oh, this is a perfect one. I've got a phone number. In this case, I got a phone number with a name right here, and an address right there. I've got two phone numbers, actually, and a name. I've got two names, actually.

TIBBLES: But for this unscientific experiment, Jim worked with Numerica Credit Union to test their customers, seeing if they would be susceptible to this type of scam.

Mr. KELLEY FERGUSON (Numerica Credit Union): We have to make sure that our members are educated, and they know what to look for, so they don't fall victim.

Mr. STICKLEY: We would hope that people are going to be suspicious. They should realize that any financial institution already has this information.

TIBBLES: Jim was given six phone numbers of Numerica customers that are friends or family of employees. Then from a hotel room Jim began making phone calls with only his cell phone, the list of phone numbers and a script sounding official.

Mr. STICKLEY: This is Jim Stickley calling...

Regarding your primary account...

When you receive this message, could you please give us a call back, toll free: 1-877...

TIBBLES: Then he waited to see how many people would believe his ruse and call back. Within an hour, the phone rang.

Mr. STICKLEY: This is Jim. For security purposes, this call is being recorded. How may I help you?

Unidentified Caller #1: I'm calling you guys regarding my account.

Mr. STICKLEY: And for security purposes, can I verify your Social Security number?

Caller #1: It's 52--

Mr. STICKLEY: That's not coming up. What's your primary account number?

Caller #1: Let's see, oh, the--

Mr. STICKLEY: OK, that brought it up. OK, great. All that's been--happened on this account is your address has gotten messed up. So all I need to do is just verify that, and we're done.

Caller #1: Sure, yeah. Here, I'll--just let me give it to you. It's--

Mr. STICKLEY: He gave me his Social Security number, gave me his account number. He gave me his address and he gave me his name. And that's really all you need to ruin somebody's life.

TIBBLES: Another caller did get suspicious, but it was too late.

HERB: Yeah, Jim, you left a message at my home phone, I believe.

Mr. STICKLEY: For security purposes, can I verify your Social Security number?

HERB: Uh, 57--

Mr. STICKLEY: What's your primary account number?

HERB: OK, Jim?

Mr. STICKLEY: Uh-huh?

HERB: I don't mean to--I don't mean to sound skeptical...

Mr. STICKLEY: Uh-huh.

HERB: ...but how do I know you are with Numerica? Where you ask for my Social Security number, and that--then all of a sudden then you want my account number, and I have no way of verifying who you are.

TIBBLES: We then informed Herb of our test.

Mr. STICKLEY: His suspicions came in. They should have come in just before. But I got the one thing that I needed, the one thing he could not ever undo was his Social Security number.

TIBBLES: Herb realized that as well.

HERB: I was caught off-guard. It took me a few seconds to figure out something wasn't right, but it was too late. Luckily, it was just a test.

TIBBLES: Three out of the six customers fell victim to Jim's test. Three others were suspicious and didn't give their information. A 50 percent success rate for a potential crook.

Mr. FERGUSON: An organization can spend so much on the security of an internal system. But the more dollars they spend on the education of the consumer, the higher success rate that we're going to have of stopping these types of scams.

Mr. STICKLEY: And it always comes back down to just awareness. And you know, I'm not teaching somebody how to break in. I'm hopefully teaching people how to protect themselves from that person that might be trying to break in.

TIBBLES: For TODAY, Kevin Tibbles, NBC News, Chicago.