We’ve all heard about phishing, where a fraudster sends an email from a familiar or authoritative source and tricks you into providing your personal, financial or company information.
Vishing, or voice phishing, is where a fraudster does the same over a landline or mobile phone. They lead you to believe they’re trustworthy and then use the information you give them to either impersonate you, steal your money or sell your data.
The thing about it is that voice phishing fraudsters can’t be caught – placing a phone call through the internet is virtually impossible to trace.
Vishing attacks are often automated, where voice recordings are sent to many people at once using purpose-built software. Other times, it’s the hackers themselves who’re making the calls.
Either way, the scammers don’t hold the power – you do – because the success of a vishing scam relies on you falling for it and voluntarily giving them the details they’re after.
Vishing examples
Some scammers already have some of your personal information, such as your credit card details, but in order to gain access to your account they’ll need a one-time pin (OTP) that’s sent to your phone.
The phone call they make to you then, will be to try and get you to give them an OTP sent to your phone. If you read it to them, they can then enter the OTP that was meant for you only and access your online profile or complete a purchase for themselves.
Warning bells should start ringing as soon as a caller tells you they’ve found fraudulent activity on your card and need to verify you to secure your account.
Vishers, pretending to be from the bank or a security company, could also offer to help you install software to “protect your system”. Where it’s a scam, the software will turn out to be malware in disguise.
Some scammers are easy to detect but others do a good job of impersonating a trustworthy source. The only solution is to be extra sceptical when someone you don’t know calls you.
Vishing don’ts
Don’t give out personal or company information to someone who:
• is an unsolicited caller, no matter who you think it is
• already has some of your information, until you can verify their identity
• asks you to give them your bank details or an OTP over the phone
• asks for immediate payment
• says they can solve a problem with your bank account
• offers unsolicited technical support
• tells you you’ve won something
Also, don’t feel obliged to carry on a call politely if you suspect it’s a scam. If you’re in two minds, ask for their number and say you’ll call back. Or ask them a few “security” questions of details they should have if they are who they say they are.
The power to refuse
The good thing is that a voice phisher’s chance of success depends entirely on your response. If you don’t give them what they’re asking for, you’re safe.
If you’d like to improve your company’s cyber security measures, chat to us.
Do you have proper data protection in place?
New all-in-one cyber security and backup product gives more peace of mind