You may have heard of “phishing,” where cyber criminals use email or text messages to steal money and/or financial data from unsuspecting recipients. Well, now, we are facing another skyrocketing cyber scam called “vishing.” This type of attack is where criminals use social engineering techniques to convince people to share confidential data. The term is a combination of “voice,” and “phishing.”
How does vishing work?
Attackers will use ID spoofing to create the illusion a call comes from a legitimate phone number. It’s similar to e-mail spoofing where the sender’s address looks like it is coming from a trusted source such as [email protected] instead of the correct hulu.com. Vishing attackers often leave a sincere-sounding voicemail directing recipients to call a toll-free number and scare them into entering their financial information.
It’s actually really easy to spoof a number using VoIP. SpoofCard is a spoofing service. In addition, Skype allows paid users to pick their preferred area codes and prefix number. Telemarketers were caught using spoofing to bypass the Do Not Call lists. Further, ID spoofing is not illegal. In some scenarios, ID spoofing is used for safety precautions. For instance, a doctor may call a patient but does not want the patient to have their phone number. In another example, someone using an online dating service may want to talk to potential suitors but don’t want them to have their actual phone number either. Nonetheless, most spoofing is used for nefarious purposes.
Indeed, crime rings use ID spoofing to accelerate their vishing scams. They might use a type of software called a war dialer that identifies numbers they can call. Then, they create an automated recording to induce fear. Invariably, fear is a trigger to get most people to do anything you want. So then, they might leave a message stating the recipient’s credit cards have been flagged for fraudulent activity and to provide credit card numbers, PINs, or social security numbers for account verification and reactivation. No one wants their accounts frozen. You can imagine how many people do fall for this type of vishing attack.
How can you prevent vishing?
The first step is awareness. Hopefully, this article has taken you to step one. Next, don’t give any confidential or financial information out without verifying unexpected phone requests. Look up the phone number. If the caller leaves a company name, call the company and ask to speak with the caller who made the request.
Also, be cautious of requests made over the phone or via voicemail. Report anyone who calls asking for personally identifiable information over the phone. Err on the side of caution. Do not let fear cause you to share information without verification. Since ID spoofing is easy, don’t trust your caller ID. Then, register your number with the National Do Not Call registry here: donotcall.gov. If the telemarketer is legitimate, they will follow local, state, and federal laws. Moreover, you can report vishing scams here: www.ftc.gov or call (888) 382-1222
We hope this article has helped you feel safer about vishing. If you have further questions, we are happy to help!
Are you meeting your business goals? Do you have the right processes and systems in place? Is your business growing or is it stagnant? Is your network secure? Whatever goal you are looking to achieve please don’t hesitate to reach out. Please make use of the training materials above and get in contact with us so that we can review your IT Network. You can call us at 201-402-1900 or email us at [email protected].