VISA Security Vishing Scam


A recent vishing attack is affecting Iowa financial institutions. The attack consists of automated telephone calls made to individuals' cellular telephones, claiming to originate from Visa® security. The automated call demands that the person enter information, such as their primary account number (PAN), card expiration date, or card verification value  (CVV2),  immediately through their touchtone telephones to prevent account deactivation.

While some people have been able to capture the caller ID of the incoming fraudulent call, most of the telephone numbers appear to be spoofed, meaning the number is one of an uninvolved third party. This spoofing technique allows the fraudsters to mask the true source of the call. Since account  information is demanded as part of the initial call, there is no callback telephone number given that law enforcement can attempt to have disconnected, making the attack nearly impossible to defeat.

VISA, Shazam, or MidWestOne Bank will never call or email and ask you for this information.