Vishing, The latest phishing attack trend
In our latest blog post; VISO Cyber Security Analyst; Sonal Hajare explains Vishing and the way fraudsters use the practice to trick you into revealing sensitive data to gain access to your accounts.
What is VISHING?
Most people are familiar with the phrase "Phishing," but Vishing is distinct from it. Phishing is the practice of tricking recipients of emails or text messages into opening attachments or visiting malicious websites or files.
Vishing uses verbal swindles to con others into acting in ways they think are beneficial for them.
Vishing, which combines the words "voice" and "phishing," is a phone scam when fraudsters call you and attempt to mislead you into disclosing personal, financial, or security information or into making a cash transfer to them.
You may receive a call from a fraudster pretending to be from a bank, card issuer, the Gardai/Police, or a service provider like a phone company, internet provider, or computer firm. They mislead you into thinking they are an authorized representative of the company and that it is in your best interest to provide the information they request.
Vishing is anticipated to have a significantly higher success rate than other phishing vectors due to two factors: first, the ability to reach a larger portion of the population via phone call compared to email, and second, the longer history of trust associated with telephone systems compared to more recent Internet-based messaging.
Scenarios for VISHING attacks:
The fraudster contacts the victim over the phone, pretending to be from their bank or another organization, and lets them know that there is an issue with their account or credit card. The fake alarm can at first be sent to the recipient by SMS, instructing them to phone a certain number to fix the problem.
You get a call from a business telling you that your PC, laptop, or modem has an urgent issue that needs to be serviced.
The criminal calls you and initiates contact. They pretend to be phoning from the legitimate company's phone number while actually calling from a hidden number.
In some instances, fraudsters attempt to persuade their victims to provide personal information, such as their health plan number, to take advantage of services. It's also typical for scammers to pose as government officials and ask victims to confirm their social security numbers so they can be reactivated. In these scams, the victim is told that her social security number has been suspended.
Links that promise the chance to make investments with significant returns or pay off debts for less than the original amount are another vishing scam technique. These "offers" typically include a time limit, so the person must take action right away.
The victim is informed that he would be eligible to gain from a recent tax adjustment since he resides in a particular county. He just needs to provide his name, address, and PPS or Social Security number.
What should you do if you accidentally provide personal information?
If you have already given out your financial details, it is crucial to get in touch with the bank and other institutions as soon as possible to let them know what happened and request that your account number be changed, the card be cancelled, and any potential future fraud be blocked.
Suggestions for preventing yourself from becoming a VISHING Victim
Don't answer calls from ominous numbers. Allow the call to go to voicemail if you don't recognize the caller's number.
Always double-check phone numbers since scammers could call you pretending to be from a reputable company. Get the caller's identity and make sure you can reach them at a legitimate business number before you give out any personal information or comply with their instructions. If the caller tries to talk you out of doing this, it's probably not legitimate.
Do not assume a caller is legitimate just because they have your name, address, date of birth, or account information because fraudsters may already be in possession of this information.
Never give out personal information since vishing attacks are meant to deceive the target into giving out information the attackers can use for fraud or other assaults. Never give a password, multi-factor authentication (MFA) code, bank information, or similar information over the phone.
Never provide remote access to your computer; visitors may ask for it in the name of eliminating malware or correcting a problem. Access to your computer should never be given to anyone unless they are a confirmed employee of your IT department.
Social engineering and SIM switching expose your phone number to hackers. When a telecom employee is tricked into providing an attacker access to your phone number, it is known as SIM switching. Always get in touch with the telecom if you get a suspicious message regarding a multi-factor PIN or modifications to your cell phone account to make sure you haven't been the victim of SIM swapping and account hijacking.
VISO are here to help. If you have any questions about Cyber Security, talk to us, in confidence today.