Phone-based fraud and identify theft—also called vishing--impacts millions of Americans every year. In 2022 alone, the Federal Trade Commission received 2.3 million reports of fraud and 1 million reports of identity theft,1 costing consumers more than $43 billion.2
That same year, more than 1,000 organized data breaches impacted 422 million people.3
While most vishing is conducted by calls or texts from criminals who pretend to be representatives of the Social Security Administration (SSA), Medicare, the IRS or state departments of revenue, a new form of phone-based scam is emerging as a threat: fake voicemail alerts.
How do they work?
Fake voicemail alerts exploit your smartphone’s text and email technologies. You receive a text or email alert from the IRS, the SSA, or well-known brick-and-mortar or online vendors indicating that an urgent voicemail is waiting for you that requires action.
If they somehow have been able to get detailed background information on you, they may also impersonate your bank, credit card, mortgage company, or your primary care physician, attorney or financial advisor. In some cases, they may even claim that the “caller” is a sibling, child or grandchild.
The text or email usually tells you that to hear the voice mail you need to set up a “secure voicemail account” by clicking on a link or download an app. Fall for this ruse and chances are high that your phone will be hijacked by malware.
How to protect yourself from this ruse
The best way to avoid being taken in by fake voicemail alerts and other phishing and vishing scams is to never click on a link in an email or text.
There’s never a reason for you to set up a separate account to access a voicemail. If it’s a legitimate message, it’ll go to your regular voicemail.
It is true that some legitimate websites send texts or email messages with links for you to login to view an order or confirm an appointment. But if you’re not expecting this kind of message (for example, you haven’t made a recent purchase or an appointment) think twice about responding to one that seems to come from out of the blue.
Spoofers can often mimic the appearance and wording of messages coming from legitimate sources. That’s why it’s almost always better to confirm the legitimacy of the message by manually logging onto the sender’s website or app or calling the company.
You may also want to take advantage of “call filters” offered by your cellular phone service provider that can automatically block most robocallers, spammers and identity thieves.
If you do get taken in
If you do fall for a fake voicemail or any other phone-based scam, contact your cellular or landline service provider immediately, and take additional steps to head off potential financial damage:
- Login to the web-based versions of your apps and check to see if there’s been any suspicious activity or changes to your account. And change your passwords immediately.
- Contact your bank, credit card providers, financial institutions and financial advisor immediately to let them know what happened and ask for their advice on next steps you can take to secure your accounts or close them.
- Contact the three main credit reporting agencies—Experian, Equifax and Transunion—to report a fraud alert or request a credit freeze, which may make it difficult for scammers to open new credit card accounts using your stolen information.
- Visiting the FTC’s Identity Theft web site at https://www.identitytheft.gov/ to report what happened and get a suggested recovery plan.
This article was authored by Joelle Spear and Jeffrey Briskin. Joelle is a financial advisor and Partner located at Canby Financial Advisors, 161 Worcester Road, Framingham, MA 01701. She offers securities and advisory services as an Investment Adviser Representative of Commonwealth Financial Network®, Member FINRA/SIPC, a Registered Investment Adviser. She can be reached at 508.598.1082 or email@example.com Jeffrey Briskin is Director of Marketing at Canby Financial Advisors.
©2023 Canby Financial Advisors