Most people know about internet scams. If you visit the wrong website or open the wrong email, it is surprisingly easy to become a victim of cybercrime.
One type of scam that many people overlook, however, is the type that happens over the phone. And unfortunately, these scams can be just as costly.
Most phone scams rely on a technique known as vishing. So what is a vishing attack? And how to protect yourself from it?
What is Vishing?
Vishing, also known as voice phishing, is a type of social engineering in which attackers call victims by phone pretending to be someone else.
This can also happen in reverse, with the victim having to initiate the phone call.
The person online can pretend to be tech support, a bank employee, or even a police officer. In reality, they are criminals, who usually call thousands of miles away, and the only thing they really want is your personal information.
If they are successful, the next step is either identity theft or electronic fraud.
How does Vishing work?
To start a vishing scam, all an attacker really needs is a phone number, a victim, and an idea. Here’s how vishing works.
Create a fake number
First of all, the attacker needs a way to create a fake number. Most people will check who is calling them before giving out information. Most also won’t call a number if it doesn’t have the correct area code.
Attackers often use call spoofing to achieve this. It provides them with a fake number that is both local and anonymous.
Find a victim
All vishing scams start with finding a potential victim. One method is to email thousands of people and wait for someone to respond. Another is to find directories of people and start calling them one by one. Your number may also have been involved in a data breach.
It is possible to get people to start calling the fake number by posting it on social media pretending to be someone else.
The next step depends largely on the imagination of the attackers. It also depends on how many different numbers they have access to.
They can choose a single message and call a thousand numbers by asking the same question. Or they can take a more personalized approach and come up with a story designed to take information from a specific individual.
Examples of vishing attacks
Vishing’s tactics are constantly changing. When an attacker stops functioning, the attackers simply move on to the next.
Most, however, involve the same fake characters or types of characters.
Bank identity theft
A bank clerk will tell you that there is a problem with your account. In order to resolve the issue, they must first verify your contact details.
A telemarketer will notify you that you have won a free prize. To receive the prize, all you need to do is confirm your address.
A technical support agent will tell you that they found a problem with your computer, smartphone, or other device. They may offer to email you a solution. Or they can ask to remotely connect to your computer.
A technical salesperson will give you an amazing deal on some type of IT service or software. Again, they require either an email address or access to your computer.
Government identity theft
A government employee (usually the IRS) will tell you that there is a legal problem. To avoid a penalty, you just need to check a few details. Sometimes they will even ask for money over the phone.
How To Recognize Vishing Scams
Cybercriminals rely on the fact that the majority of people don’t know their tactics. Vishing is no exception to this rule.
Most vishing calls are actually fairly easy to recognize once you know they exist.
Always be suspicious whenever someone calls you and claims to be in a position of power.
The average person is pretty cold when calling a stranger. A con artist, on the other hand, will often try to be incredibly friendly or, if that doesn’t work, even moderately threatening.
All vishing calls end up asking for something. Be on guard whenever an unknown caller asks for personal information of any kind.
Anyone who phones for a living knows that they are not allowed to do so. Your bank, for example, will never ask you to provide sensitive information over the phone.
How to prevent vishing scams
Half the battle to prevent vishing is just knowing it exists. Afterwards, you just have to be careful and vigilant.
Do not answer unknown numbers
The easiest way to prevent a vishing call is to simply not pick up the phone. Of course, this is not always practical. If you don’t know which number is calling, you can let it go to voicemail. If it’s so urgent, they should leave a message. Obviously, this is not always the case, however.
Be careful who you call
When looking for a number online, be careful where you look. Never call numbers you find on social media.
Always check who you are talking to
If you must get a phone call from a stranger, don’t discuss anything important without first checking who you’re talking to. This can be done by making arrangements to remind them to a number of your Choose.
Keep in mind that many scam callers will have their own scam number ready to give, claiming it is their own personal direct line.
Do not give out personal information
This one is pretty straightforward. Do not give out any personal information for any reason. It’s generally okay to confirm minor details when calling someone. It’s never good when they call you.
Don’t trust anything they say
The average scammer is an expert at obtaining information that the victim doesn’t want them to have. They make these calls all day. And they usually work with a script.
Vishing is easy to recognize
Vishing is effective because most people don’t know how common it is. It also relies on a wide array of tips to convince you that you have no choice but to provide the information requested.
The good news is that by learning these tips beforehand, most vishing calls become easy to recognize and therefore easy to avoid.
Anyone can be fooled by a phishing email or website vulnerability. Beware of these advanced phishing tips.
About the Author