Vishing: What is the voice phishing scam and how can you protect yourself?


After phishing comes vishing, that is, the “voice phishing” scam. See how swindlers lure their victims into the trap.

Phishing is an email scam in which the scammer poses as a reliable source to deceive recipients into revealing sensitive information or downloading malware. Vishing is a similar “voice phishing” scam with many variations, which can fool even large organizations, with potentially catastrophic consequences.

In 2020, phishing, vishing, and other scams cost more than 241,000 victims over $54 million, based solely on cases reported to the FBI; many other cases of fraud were never reported to authorities. According to the international cybersecurity company ESET, users can take measures to avoid falling victim to voice phishing.

How vishing scams work

Scammers use social engineering to manipulate their victims. They present themselves as an organization that you trust – for example, your bank, a technology company you work with, a government agency, or technical support staff – and give you the impression that something urgent or worrying has happened. The sense of urgency or fear they create overrides any natural caution or suspicion that the victim may have.

These techniques are also used in phishing emails and fake text messages (known as SMS phishing). But they may be more effective when used “live” over the phone.

Vishers – that is, fraudsters who use voice phishing techniques – have many additional tools and tactics to make their scams more successful, such as:

– Caller ID spoofing tools, which can be used to hide the real location of the scammer and even change phone numbers to make it appear that the call is coming from a trusted organization.

– Scams using a combination of different tactics, which may start with a fake SMS (smishing), a phishing email or a voice message that encourages the user to dial a number. If the victim calls, they will speak directly to a scammer.

– Research on victims: scammers can find a wealth of information about their victims on social media and in open sources. They can use this information to target specific individuals (such as employees of companies with access to privileged accounts) and to make the call appear more legitimate – that is, the scammer may mention certain personal information to the victim in order to extract more information.

Such attacks have become more common thanks to the massive shift to remote work during the pandemic, as the FBI has warned. An attack on Twitter, in which employees were tricked by vishers into revealing their logins, shows that even technology companies can fall victim to an attack.

Scammers use vishing to attack consumers as well. Their ultimate goal is to make money, either by directly stealing bank account or card details, or by tricking you into giving out personal information and credentials that they can use to access these accounts.

Typical scams

Technical support scams: In technical support fraud, victims are often approached by someone pretending to be calling from the telecommunications provider or a known software or hardware vendor. Scammers will claim to have found a problem with your computer and then ask for a fee (and your card details) to fix it. Sometimes, the process also involves downloading malware without the victim’s knowledge.

Sending messages to a large number of telephone numbers (Wardialing): This is the practice of sending automated voice messages to a large number of victims, usually trying to scare them into calling back – for example by claiming that victims have unpaid tax bills or other fines.

Telemarketing: A phone call in which the scammer claims you have won a prize and that a cash deposit is required before you can receive it.

Phishing/smishing: Scams can start with a fake email or fake SMS, encouraging the user to call a number. A popular scam is an email from a “company” claiming that something is wrong with a recent order. By calling the number, the victim will eventually connect with the scammer.

How to protect yourself

To protect yourself against voice phishing, according to ESET, there are some basic steps:

  1. Remove your phone number from the phonebook so that the number is not available to the public.
  2. Do not fill in your phone number on online forms (i.e. when shopping online).
  3. Be wary of requests over the phone for banking, personal or other sensitive information.
  4. Be cautious – do not enter into discussions with someone who is calling you, especially if that person asks you to confirm sensitive information.
  5. Never call back a number that was left for you via voicemail. Always first contact the organization that the caller claims to represent.
  6. Use Multi-Factor Authentication (MFA) on all online accounts.
  7. Make sure email / Internet security software is up to date and includes anti-phishing features.

Source: ΑΠΕ – ΜΠΕ
