Be careful what you 'vish' for
One way to protect personal information is to follow the rule of 'Don't call me, I'll call you.' But you have to be sure you're calling the right number, or you could fall into a 'vishing' trap.
Vishing is a variant of phishing, which traditionally uses e-mails to get a victim to visit a Web site and divulge personal or account information.
The new wrinkle is to skip the malicious Web sites and direct the victim to call a phone number and give the desired information by phone. According to the Internet Crime Complaint Center (www.ic3.gov), a collaboration between the FBI and the National White Collar Crime Center, vishing messages might even include warnings never to reply to an e-mail requesting personal information or click on embedded links, in an effort to appear trustworthy.
Sound advice, but take it a step further and do not provide information by phone unless you have made the call yourself to a number obtained from a trusted source.
Your financial statements, for instance, should contain a customer service number. If anyone wants you to call a different number, it's probably a bad idea.
William Jackson is a senior writer of GCN and the author of the CyberEye blog.