What is Vishing?
Voice + phishing = Vishing. Similar to phishing, vishing is a social engineering attack that deceives and plays with your emotions, such as greed, fear, or sense of urgency, to get personal information out of you.
An attacker would call you on your number, pretending to be a legitimate person, and try to get your private information, such as bank account number, home address, email address, or anything that could be used to steal your identity in the future.
Unlike phishing attacks where the perpetrator uses different mediums such as emails or spoofed URLs, vishing attacks rely on phone calls and Voice over IP (VoIP) technology such as WhatsApp, Skype, Messenger, and similar services.
How Does Vishing Work?
During a vishing attack, a scammer will call you and pretend to be calling from a genuine corporation such as your local bank or an entity in authority like a government body, or act like they’re somebody you’ve met before.
There are two types of vishing attacks:
- A live call: the scammer is a real human being who gets as much information as they need about you while speaking to you on the call.
- A voicemail: an unknown number leaves a message urging you to call back as soon as possible. When you call back, you’ll hear a robot that guides you to enter your details to move forward. What’s actually happening is that your details are being sent to a hacker.
With advancements in tech and the rise of AI and deepfake technology, vishing attacks are becoming increasingly sophisticated. Vishers can now impersonate someone you know, copying not just their voice but their tone and body language as well. It could be someone like a family member or a coworker who needs help, making the attack nearly impossible to identify.
Examples of Vishing
Vishers use several types of tricks, and the most common ones are:
Telemarketing or Enterprise Fraud
Vishers will pretend to be a representative calling from an authentic company and try to get you to reveal private details by asking personal questions. They could pretend to be your local insurance agency, a credit card company, or anyone who has access to your basic information.
These scammers might use phrases like ‘you’ll miss out on this amazing offer if you don’t sign up with your personal information.’ They’ll create this sense of urgency that you must reveal your private information to them before time runs out.
Government Agency Fraud
A visher will pretend to call from a government agency like the Federal Bureau of Investigation, Internal Revenue Service (IRS), or Social Security Administration (SSA). During the call, they’ll try to scam you by instilling a sense of fear, taking a stern tone, and creating unnecessary urgency.
They might say that you haven’t paid your taxes, or they could pull up your criminal record and threaten to fine you. Being in this position will panic you into giving up your personal information, such as your social security number or any other details that they might ask for. In the end, a visher might tell you to deposit money into one of their accounts.
Tech Support Fraud
Tech support fraud is pretty common. The scammer will tell you that they’ve discovered vulnerabilities on your device that need to be fixed urgently. To fix the vulnerability, the scammer will ask you to give them remote access to your device.
If you agree to give them remote access, the scammer will have complete control of your device, where they can easily steal the data stored on your device. What’s worse is that the hacker could install spyware on your device to monitor what you do on the device.
Bank or Other Financial Institution Fraud
Like most attacks where the intent is to get your financial information out of you, this is no different. A visher will pretend to be a representative calling from your bank, and they might tell you that there’s been suspicious activity on your account. To fix the issue, they’ll tell you to share your banking details with them.
Other supposed financial institutions, claiming to be government bodies, might tell you that there are fraudulent charges against you and that, to rid you of those charges, you have to pay them a one-time fee.
This is the worst type of fraud, where the scammer targets the elderly and creates a fake scenario. They could say that your child or grandchild had an accident, or that they’re in jail, or anything else that would make you feel weak and want to help.
If you’re not convinced, they’ll provide you with a number of a doctor or lawyer who’s handling the case. That person will ask you for more details until they get the personal information they need.
How to Prevent and Protect Yourself from Vishing
- The key to staying secure is to be aware of, and stay up to date on, the dangers lurking around us, such as phishing attacks, smishing, and vishing.
- When you get such a call, don’t give in to fear and urgency. These hackers thrive on manipulating the target’s sentiments and stressing them into giving up their private information. Just hang up and don’t stress about it.
- The best practice is to avoid answering calls from unknown numbers. If you think that someone you know might be calling you, know that if it’s urgent, they’ll leave you a message.
- Act smart. If you received a call and believe it might be a vishing attempt, call the agency the caller claimed to be from and confirm whether they did indeed call you.
- Don’t overshare about your life online. The more information you share online, the greater your chances of falling victim to such attacks, because it gives vishers the ammunition they need to make a convincing argument.
- Keep yourself and others around you updated regarding the dangers lurking online. This is especially important for companies as hackers tend to target corporations.
Keep in mind that legitimate companies don’t ask for your private information over the phone. Make a habit of enquiring about the caller if you notice they’re trying to trick you into giving up your sensitive information.