The new boundary line of online fraud: the vishing

Phishing, smishing: The universe of telematics frauds is sadly diverse due to the amount of techniques used to capture the personal or financial data of the victims, especially among those who carry out daily online transactions.

In the last period a new practice is taking hold in Italy, having reaped several victims in the United States: we are talking about vishing, better known as voice phishing.

The operation is quite easy: through a war dialer (nothing but an automated voice system via VoIP) the scammer makes dozens of calls to a group of contacts in a particular geographical region.

Typically, when the victim answers the call, a recording (often generated through a speech synthesizer) is played that warns the consumer of abnormal or fraudulent activity on their credit card or bank account, inviting them to contact a phone number. Most often, the caller ID associated with this number has been appropriately falsified or indicates a name identical to that of the financial company it pretends to represent.

When the victim calls the number, a guide entry invites them to type their credit card number or bank account number on the keyboard of their device; very often, the call is used to capture additional details, such as the PIN, expiration date or date of birth of the owner.

There are also more devious forms of vishing, which use “human” operators (usually call centres that perform services on behalf of the contractors) to induce the consumer to sign contracts for domestic supply or telephone, often under adverse economic conditions or in some cases omitting significant cost items.

In this case, the telephone operator uses a few simple questions (such as the fact that the identity of the unlucky person is, for example) with the aim of using the affirmative answer, appropriately registered, for the signing of contractual clauses: a system that, despite being patently illegal, nevertheless makes the contract fully effective (albeit invalid).

In other cases, the vishing technique is used to carry out real crimes, ranging from fraud (art. 640 and 640 ter c.p.) to substitution of person (art. 494 c.p.), often carried out against particularly vulnerable people such as the elderly: in this case the vishers, pretending to be friends or acquaintances of a relative in temporary difficulty, invite him to carry out banking operations of course exclusively for the benefit of the fraudster.

How to defend yourself from this kind of frauds?

As obvious as it is, the watchword is mistrust: it is always necessary to doubt anyone who requests this type of data, contacting the official channels of the institution involved to confirm the suspicions and, in the most serious cases, to the Postal Police.

In the case of long-term contracts, however, it is worth remembering that art. 51 of the Consumer Code stipulates that telephone acceptance, even if registered, must be accompanied “by sending the terms of the offer in writing or on durable support”; otherwise, the contract may not result in any constraint on the consumer, who may act on its resolution (as well as obtaining refund and damages for what is unlawfully paid).