What is voice phishing
?
Scam calls are a form of fraud that is used to get access to your personal information, such as passwords, bank account details, and other confidential material you do not want to get into the wrong hands.
The term vishing is a combination of the words voice
and phishing
. Phishing is a widely used method for online criminals to steal their victims’ personal information or infect their devices with malware, such as trojans. Whereas emails are the primary form of carrying out phishing attacks, scammers and cyber criminals use phone calls for vishing. Even your old landline phone is a potential channel for criminals to threaten your cyber security!
Identifying a vishing scam may not be as easy as you might think. First of all, you cannot always tell if the call is a scam by simply looking at the number. Thanks to technologies like VoiP (Voice over Internet Protocol) and IVR (Interactive Voice Response), scammers can easily target many victims all around the world. Another standard method of online criminals is to use false identities to trick their victims into giving away confidential information. When the victim thinks they are speaking to someone they can trust, they are more likely to do as the caller asks them to.
One way scammers can get their hands on the victims’ phone numbers is by searching for numbers from leaked information obtained in data breaches. Scammers can also use phishing attacks to get a victim to reveal their phone number. If someone is willing to give away their phone number easily, this is a good clue that they might be susceptible to a vishing attack too.
If you are worried that you might get targeted by online scammers by phone, you can make your phone number private. You can minimize the risk of becoming the victim of a vishing attack also by being careful where you give out your phone number. By restricting what information different mobile apps have access to, such as your address book, you can prevent other people’s numbers from getting into the wrong hands.
How to identify a vishing scam?
Online scammers are not always the criminal masterminds they are sometimes made up to be. By looking out for certain clues, you can identify a vishing scam and stop it before anything bad happens. Here are four characteristics of a vishing scam to look out for.
1. You are asked to reveal confidential information. Whether it’s your financial information, address, date of birth, social security number, login details or other personal details, do not give them away to unreliable callers. Picking up a vishing call is not dangerous in itself. However, things can go wrong once you reveal information about yourself or do something at the caller’s request.
2. The caller’s request is suspiciously urgent. To get you to reveal valuable information, there is often a sense of urgency in the scammer’s request. This way you are made to act quickly, without having enough time to think and realize the caller might be up to no good. Always stop and think if the caller’s request seems reasonable.
3. The caller tells you they are a reliable authority. This of course does not automatically mean that the caller is a scammer. Reliable authorities do in fact occasionally reach out by phone. However, on the phone you cannot be sure of the caller’s true identity, so be careful.
4. The call is short and ends abruptly. Sometimes scammers may try to get you to call back by making short calls that end before you get to even hear anything. Their goal is to get you to call back. Without the victim knowing, the call can end up being more expensive than they would have expected.
If you think that you might in fact be the target of a vishing attack, the best thing to do is to end the call immediately. Other ways to prevent yourself from becoming a victim of a vishing attack is by staying quiet or only responding to the caller’s questions with more questions.
You can protect yourself also by simply not picking up the phone in the first place if a suspicious number calls. If they really need to contact you, they will call again or send a message. Getting you to call back can be a trap. If you need to know who has called, you can try looking for the number on Google for more information. There are also apps that can be used to find out who has called you based on their phone number.
Examples of vishing phone calls
It does not matter whether the target is an individual user or a large company, both are tempting targets for a vishing scam. One way online criminals try to steal information from companies and businesses is through employees at different levels. For instance, a scammer may contact you claiming to be your supervisor and then ask to pay an invoice or download a piece of software. Unfortunately, many unsuspecting victims do as their boss
tells them to.
More nuanced vishing attacks may take advantage of current events, such as the COVID-19 pandemic. In an attempt to take advantage of people’s concerns over the situation at the time, online criminals approached their targets with offers of coronavirus vaccinations and tests. This is just one example of how vishing can be used to deceive you. Here are some other methods used in vishing.
Acting as an authority figure
The caller may disguise themselves as an authority that the person on the other end of the call may trust, such as someone representing the government, the police, or a local authority. Just to make sure of your identity, the caller then asks for some piece of confidential information that can then be used for identity theft or account takeover.
Call from technical support
The IT department or technical support calls you, informing you that they have noticed anomalous and suspicious activity on your user profile. Luckily they can send you a link for downloading the latest version of their software for fixing the issue. In reality, the caller is trying to get you to download malware on your device, so don’t be fooled. In some instances, criminals have managed to get the victim to provide remote access to their computer, in other words, giving criminals free hands to do what they wish on the victim’s device.
Investment and loan offers
Nowadays, more or less all of your investing and banking can be done online. Fraudsters and online criminals have surely taken notice of this. The alarm bells should be ringing if you receive an investment offer that sounds too good to be true. You are most definitely a target of either a Ponzi scheme or a hacking attempt. Just remember that real investors and loaners do not approach you out of the blue with their offers. Instead, they would have done thorough background checks on you and your ability to pay, and would not be asking you for this information.
Telemarketing and competitions
Congratulations! You’ve won a competition you did not sign up for or have never even heard of. Whatever the caller claims or is telling you to do, be wary. In situations like this, scammers are trying to steal your personal or financial information that can then be used for identity theft or stealing your money.
Problems with your credit card account
Many could hardly live without access to their bank account and credit card. Scammers know this and might tell you that they have spotted an issue with your card or account. If someone asks for any of your financial information on the phone, hang up as it’s most likely a scam.
How phishing, smishing and vishing attacks differ?
As mentioned, vishing falls under the umbrella term of phishing. The defining factor of vishing scams is the use of voice, whereas email is online criminals’ trusted method used in phishing attacks. However, the use of phone calls can be just a part of a larger scam.
Another form of trickery similar to phishing and vishing is a method best known as smishing. Here the primary tools for online criminals are text messages and instant messaging services, such as WhatsApp. Victims of smishing are sent messages with deceitful links that direct to fake websites that are then used to steal confidential information or infect the victim’s device with malware. What’s worse, smishing can be used to insert messages into pre-existing message chains, for example between the user and a delivery service, or some other known entity.
Even though the methods of phishing, vishing and smishing may vary, all three share the same motive: the scammer wants access to your personal information or is attempting to fool you for financial gain. All three are also ways to infect the victim’s device with various types of malware, such as trojans and spyware.