Security Bulletin: "Vishing" Attack Targets Local Financial Institutions

We have received reports from members who have received phone calls claiming to be from Wells Fargo, Bank of America and most recently Bank of American Fork. A prerecorded message instructs the individual to provide information to unblock their debit or credit cards. These calls are a fraudulent “vishing” attempt.

As of now, UCCU members have not been affected by this attack. If in the future you receive this type of call please hang up the phone. You can protect yourself and your account by never giving out personal or account information to anyone who calls you requesting such information. We won’t ever call and ask for such information. If you did receive a call like this and provided your account or card information please contact us at (800) 453-8188 immediately.

What is Vishing? The term “vishing” refers to a technique for stealing information or money from consumers using telephone systems. The term comes from combining “voice” with “phishing”, with phishing being online scams that get people to give up personal information.

How does it work? Typically attackers use a caller ID spoofing technology to make it look like their fraudulent phone call is coming from a legitimate or familiar phone number. Because people typically trust caller ID, spoofing phone numbers is a particularly damaging component of vishing attacks.

Vishing attacks usually have a recorded message that tells users to press a number on their keypad to validate their account information. Usually this is in conjunction with a threat of some sort, such as “your account is disabled. To enable your account or to prevent your account from being locked out, please enter your credit card number.”

What can you do to protect yourself?

  • Be suspicious of any unsolicited calls where personal information is requested. Be just as suspicious of phone calls as you are of e-mails asking for personal information.
  • Don’t trust caller ID. Just because your caller ID displays a phone number or name of a legitimate company you might recognize, it doesn’t guarantee the call is really coming from that number or company.
  • Call them back. If someone is asking for information, tell them you will call them back. In the case of Utah Community Credit Union, call us using a number from your records.
  • Never provide credit card information or other private information to anyone who calls you.
  • Register your number with the National Do Not Call registry at Most legitimate telemarketers obey the rules and laws about contacting consumers.

Report vishing to the FTC on their website or call them at (888) 382-1222. The FTC will ask for the number and name that appeared on the caller ID, the time of day you received the call and what was said or heard in any recorded message. If you think you’ve been a victim of a vishing attack you can also contact the Internet Crime Complaint Center.

Share Button

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.