Stay safe of phishing over phone

Things have just got ‘phishier’ on the Net. Those scammers who have made our lives tough with email phishing have devised a new game. Called ‘voice phishing’, the technique is being used to dig out our details and committing various crimes online.

The scammers set up a fake call center using VoIP (Voice over IP). They send email message claiming to come from a reputed company. But instead of giving a website link to click on, they send a phone number to call. Once you call on that number, what you hear sounds like the company’s telephone queuing system. The unsuspecting user thinks it is the genuine company and gets easily deceived.

The recorded message you hear after dialing the number asks for details like your payment card information (numbers, expiry dates and the last three digits printed on the signature panel), PIN (Personal Identification Number) social insurance number, date of birth, bank account numbers and passport number. Each one of these is valuable information for the phisher as it can give him the control of your financial accounts, help open new bank accounts, transfer bank balances, file loan applications, apply for credit cards and other goods/services, purchase luxury items, conceal criminal activities, receive government grants or secure a passport.

The email can be sent out as "image spam. This means the email carries an embedded image instead of actual words so your spam filter will not be able to catch it.

Voice phishing catches you unawares. The clever scammer has asked you to call on a number. You are well acquainted with the names of your favourite online companies but there are bleak chances that you know their numbers as well. That’s where the scammer outsmarts you, making you call on the number and divulge your confidential account information.

When you smell something phishy

There are ways you can differentiate a ‘phish’ from genuine messages. The message comprises language/information that sounds strange or too exciting. It can demand an immediate response and is not personalised in most cases.

Always be wary of any unsolicited incoming communication. Do not divulge any personal information on phone unless you have called your bank yourself. Always check the number you are calling and tally it with the number listed on your bank’s website. Avoid sending personal information and bank account details over email. In case of credit cards, for verification purposes, use the telephone number printed on the back of the card. Also remember no bank asks you for PINs, passwords or all 16 digits of your credit card number. Once you notice a ‘phish’ do not click on that link. Report it immediately.

In case you have unsuspectingly forwarded your details to a phisher, immediately intimate all compromised card issuers and report the case without delay. You can inform the CBI Cyber Crime Cell by mailing them at

Also read:

Identify e-mails phishing for data