Article

What is vishing?

What is vishing?
F-Secure
F-Secure
|
25 Nov 2024
|
8 min read

What is voice phishing?

Scam calls are a form of fraud that is used to get access to your personal information, such as pass­words, bank account details, and other confidential material you do not want to get into the wrong hands.

The term vishing is a combination of the words voice and phishing. Phishing is a widely used method for online criminals to steal their victims’ personal information or infect their devices with malware, such as trojans. Where­as emails are the primary form of carrying out phishing attacks, scammers and cyber criminals use phone calls for vishing. Even your old land­line phone is a potential channel for criminals to threaten your cyber security!

Identifying a vishing scam may not be as easy as you might think. First of all, you cannot always tell if the call is a scam by simply looking at the number. Thanks to technologies like VoiP (Voice over Internet Protocol) and IVR (Inter­active Voice Response), scammers can easily target many victims all around the world. Another standard method of online criminals is to use false identities to trick their victims into giving away confidential information. When the victim thinks they are speaking to some­one they can trust, they are more likely to do as the caller asks them to.

One way scammers can get their hands on the victims’ phone numbers is by searching for numbers from leaked information obtained in data breaches. Scammers can also use phishing attacks to get a victim to reveal their phone number. If some­one is willing to give away their phone number easily, this is a good clue that they might be susceptible to a vishing attack too.

If you are worried that you might get targeted by online scammers by phone, you can make your phone number private. You can minimize the risk of becoming the victim of a vishing attack also by being careful where you give out your phone number. By restricting what information different mobile apps have access to, such as your address book, you can prevent other people’s numbers from getting into the wrong hands.

How to identify a vishing scam?

Online scammers are not always the criminal master­minds they are some­times made up to be. By looking out for certain clues, you can identify a vishing scam and stop it before any­thing bad happens. Here are four characteristics of a vishing scam to look out for.

1. You are asked to reveal confidential information. Whether it’s your financial information, address, date of birth, social security number, login details or other personal details, do not give them away to unreliable callers. Picking up a vishing call is not dangerous in itself. However, things can go wrong once you reveal information about your­self or do some­thing at the caller’s request.

2. The caller’s request is suspiciously urgent. To get you to reveal valuable information, there is often a sense of urgency in the scammer’s request. This way you are made to act quickly, without having enough time to think and realize the caller might be up to no good. Always stop and think if the caller’s request seems reasonable.

3. The caller tells you they are a reliable authority. This of course does not automatically mean that the caller is a scammer. Reliable authorities do in fact occasionally reach out by phone. How­ever, on the phone you cannot be sure of the caller’s true identity, so be careful.

4. The call is short and ends abruptly. Some­times scammers may try to get you to call back by making short calls that end before you get to even hear any­thing. Their goal is to get you to call back. Without the victim knowing, the call can end up being more expensive than they would have expected.

If you think that you might in fact be the target of a vishing attack, the best thing to do is to end the call immediately. Other ways to prevent your­self from becoming a victim of a vishing attack is by staying quiet or only responding to the caller’s questions with more questions.

You can protect your­self also by simply not picking up the phone in the first place if a suspicious number calls. If they really need to contact you, they will call again or send a message. Getting you to call back can be a trap. If you need to know who has called, you can try looking for the number on Google for more information. There are also apps that can be used to find out who has called you based on their phone number.

Examples of vishing phone calls

It does not matter whether the target is an individual user or a large company, both are tempting targets for a vishing scam. One way online criminals try to steal information from companies and businesses is through employees at different levels. For instance, a scammer may contact you claiming to be your super­visor and then ask to pay an invoice or down­load a piece of soft­ware. Unfortunately, many unsuspecting victims do as their boss tells them to.

More nuanced vishing attacks may take advantage of current events, such as the COVID-19 pandemic. In an attempt to take advantage of people’s concerns over the situation at the time, online criminals approached their targets with offers of corona­virus vaccinations and tests. This is just one example of how vishing can be used to deceive you. Here are some other methods used in vishing.

Acting as an authority figure

The caller may disguise them­selves as an authority that the person on the other end of the call may trust, such as some­one representing the government, the police, or a local authority. Just to make sure of your identity, the caller then asks for some piece of confidential information that can then be used for identity theft or account takeover.

Call from technical support

The IT department or technical support calls you, informing you that they have noticed anomalous and suspicious activity on your user profile. Luckily they can send you a link for down­loading the latest version of their soft­ware for fixing the issue. In reality, the caller is trying to get you to down­load malware on your device, so don’t be fooled. In some instances, criminals have managed to get the victim to provide remote access to their computer, in other words, giving criminals free hands to do what they wish on the victim’s device.

Investment and loan offers

Nowadays, more or less all of your investing and banking can be done online. Fraudsters and online criminals have surely taken notice of this. The alarm bells should be ringing if you receive an investment offer that sounds too good to be true. You are most definitely a target of either a Ponzi scheme or a hacking attempt. Just remember that real investors and loaners do not approach you out of the blue with their offers. Instead, they would have done thorough back­ground checks on you and your ability to pay, and would not be asking you for this information.

Telemarketing and competitions

Congratulations! You’ve won a competition you did not sign up for or have never even heard of. What­ever the caller claims or is telling you to do, be wary. In situations like this, scammers are trying to steal your personal or financial information that can then be used for identity theft or stealing your money.

Problems with your credit card account

Many could hardly live without access to their bank account and credit card. Scammers know this and might tell you that they have spotted an issue with your card or account. If someone asks for any of your financial information on the phone, hang up as it’s most likely a scam.

How phishing, smishing and vishing attacks differ?

As mentioned, vishing falls under the umbrella term of phishing. The defining factor of vishing scams is the use of voice, where­as email is online criminals’ trusted method used in phishing attacks. However, the use of phone calls can be just a part of a larger scam.

Another form of trickery similar to phishing and vishing is a method best known as smishing. Here the primary tools for online criminals are text messages and instant messaging services, such as Whats­App. Victims of smishing are sent messages with deceitful links that direct to fake web­sites that are then used to steal confidential information or infect the victim’s device with malware. What’s worse, smishing can be used to insert messages into pre-existing message chains, for example between the user and a delivery service, or some other known entity.

Even though the methods of phishing, vishing and smishing may vary, all three share the same motive: the scammer wants access to your personal information or is attempting to fool you for financial gain. All three are also ways to infect the victim’s device with various types of malware, such as trojans and spyware.

devices secured illustration

Protect everything you do online

Make staying safe online easy with one app that does it all.

total app on different devices

Block online scams and threats with FSecure Total

Protecting your digital life is easy with F‑Secure’s unrivaled protection, helping you and your family to stay safe against online scams, malware, identity theft, unsafe Wi‑Fi networks and much more.

  • Avoid SMS scams, fake shops and malicious websites automatically

  • Stop malware with top-rated antivirus software

  • Protect your personal data online and prevent ID theft

  • Create strong pass­words and store them in a secure vault

  • Safeguard your privacy with unlimited VPN

Read more about Total