The word “phishing” isn't new to anyone. It's extremely common and still so successful, but now criminals are using another type of scam, called vishing. The approach may be different but the motive is still the same.
What is vishing?
Vishing is a socially engineered technique for stealing information or even money from consumers using a telephone network. The process is pretty simple- the attacker will use a technique called caller ID spoofing. (This makes the caller seem legitimate). Just like online phishing, the voicemail will inform you of strange activity affecting your bank account, then the victim will be asked for their credit card details, so the problem can be "investigated".
"90% of incidents and breaches that occur include a phishing element"
What makes vishing so successful?
The criminal's list of targets is incredibly broad and never-ending. Attackers will cast a wide net by calling a large number of phone numbers they have searched, just to maximise their results. Many people feel as though they are too smart to ever become a victim to a vishing attack, yet many people are fooled every day.
Criminals love the power of voicemail, it can help them to gain access to your data by simply calling the target and appearing as a trusted source, like your bank.
Natural human instinct will make you believe the voicemail you've received is from a legitimate source; your bank would usually contact you via phone if there are any issues with your banking, this is where it becomes difficult to identify if you're being scammed or being contacted by a legitimate source.
How to identify vishing
There are a few simple ways to protect yourself and avoid becoming a victim of a vishing attack.
Remember to never divulge or share any of your sensitive information over the phone, even if its someone that claims to be a trusted source. ( It's a pretty obvious tip but can easily be forgotten).
People also have a tendency that banks never request your personal details from you via phone, unless you phone them yourself regarding an issue.
Another strategy vishers like to use is when instilling fear and urgency in their victims, often with fake threats. Common threatening topics are police arrests, deportation and license revocation.
Remember that cyber criminals will more than likely have your name, address and other personal details, which essentially is the kind of information you expect a genuine caller to have access to. Don't always believe the caller legitimate just because they have access to your information.
In some cases, criminals will hold your telephone line, so if you do hang up and decide to call your bank (to make sure you're not being scammed), you can get sent straight back to the fraudsters.
Types of vishing
It's normally quite easy to tell if you've received a vishing attempt based on the context of the call. While these attacks use increasingly convincing voice synthesis, some fraudsters still prefer to do things the old fashioned way, with persuasive playacting. Here are the common types of vishing you may come across:
- Fake IT support calling to remotely access your device to "fix a problem".
- Overdue or unpaid taxes to HM revenue and customs
- Prize or contest winnings, such as an all expense paid vacation.
- Fraudulent activity on your bank account
Click here to gain a high level risk assessment of your business's resilience to employee- targeted social engineering attack for FREE.
Things are getting personal
Sometimes when you receive a vishing phone call, it might not be a machine that picks up, it could be an actual person. This makes things a lot harder for the victim. Instead of being rude to the caller that shows you suspicious behaviour, inform the person calling that you are aware of vishing. If they are legitimate they will not be offended whatsoever.
Remember, if a visher is going to take the time to call you, they must have a reason to think you will make a good victim. This is where you need to be smart, tell then you will call them back in a moment. Then simply hang up and call the credit card company, phone service bank and ask them about the previous call you had just received.