Internet users beware: there's a new scam in the land of online fraud, and the irony is, it doesn't even take place online. The threat is a phone-based spin off of  "Phishing," a technique wherein an email purporting to be from a bank or other financial institution and containing a link to a phony website is sent to the victim, along with instructions to follow the link to correct or verify account information. If the victim follows the link and enters the information requested, he literally hands over access to his financial account to the monitors of the website, who are then free to use it to their advantage. The newest version of this, called "vishing," uses similar techniques, but relies on a more trusted mode of transmission - the telephone.

A vishing attack can originate online or through the actual phone. An online attack occurs when, like in a phishing attack, an email claiming to be correspondence from a familiar company is sent to the user; PayPal, for example, is a company that has been frequently  misrepresented. However, instead of providing a link for the user to follow, the email asks the user to call the included telephone number to verify account information. The number, of course, does not connect to the actual institution; rather, a Voice over Internet Protocal (VoIP) system, where a recorded voice asks for the user's account or credit card number for "verification." The VoIP then records any information the caller enters, including PIN numbers, passwords, and other sensitive information.

Phone-based vishing occurs when the perpetrator utilizes a war dialer, a modem used to automatically dial phone numbers, to call phone numbers in a given region. When the user answers the phone, a recording announces that the user's accounts have shown evidence of fraudulent activity. The recording then provides a phone number the user should call to verify account information. Once the user calls the number, events play out as they do in the online version of vishing.

Since the telephone has traditionally been a more trusted implement than the internet, people who wouldn't necessarily fall for a phishing scam have the potential to be blindsided by vishing. Some ways to avoid both email- and telephone-based vishing include:

1. Do not respond to emails sent from any bank or financial institution, even if they seem legitimate. The majority of banks would never contact a client through email regarding sensitive information.
2. Do not call phone numbers sent through and email. Place any calls to a bank via the phone number printed on your credit or debit card.
3. Do not give information to an institution that calls you - hang up and call the phone number printed on your credit or debit card to verify if the call you received was legitimate. A reputable business will not object to you doing so.
4. Inform friends and family about the dangers of vishing scams and warn them about giving their personal and account information to callers.

Following these simple tips can help prevent you falling victim to vishing, only the latest in a string of internet-based fraudulent crimes.