phone phishing
pp. Using a phone call to obtain a person's personal, financial, or password data.
Also Seen As
For many of the most sophisticated Phishers, telephone Phishing has become the method of choice for harvesting personal information. Instead of directing you to a spoofed Web site, you'll receive an e-mail prompting you to call a customer support number. If you make the call, you'll be connected to a real person or receive an audio response requesting your account number, personal identification number and/or password — the personal data needed to initiate a successful identity theft.
—Al Winchell, “Phone Phishing latest technique to get your info,” News-Press, August 01, 2005
One of the most prevalent and accessible methods of gaining access to personal data is the simple process of picking up the phone and calling a customer service call center. Customer service agents are trained to "take care" of callers and often will go to great lengths to be helpful. This is just what an identity thief is counting on. The concept of taking advantage of helpful customer service agents to steal information over the telephone is sometimes called phone phishing or pretext calling; in a broader context it can be referred to as social engineering. Phone phishing is particularly disturbing because unlike Internet phishing, the victim is not involved and is completely unaware that someone else is calling pretending to be them. With just a few calls, thieves can gain the bits and pieces of data required to assemble unquestioned access to a customer’s accounts and other information.
—George T. Platt, “Phone Phishing: Are your Agents Too Helpful?,” Connections Magazine, July 01, 2005
2004 (earliest)
Many customers do not feel like typing their information into a secure shopping cart and want to make their orders using a cell phone. This is also a way to lose all of your personal info, as there are phishers who use ordinary police scanners to pick up cell phone calls beginning with the magic words, "I want to place an order."
—Sharon Freeman, “Phone Phishing,” Forbes, October 18, 2004
There are four main ways that phone phishers obtain a person's sensitive data:
  • Call the person, pretending to be an employee of a company.

  • Get the person to call a phone number controlled by the phisher.

  • Call a company, pretending to be the person.

  • Eavesdrop on the person's cell phone calls.