Vishing: What it is and how you can protect yourself

We've all heard of phishing, the well-known email scam in which the fraudster poses as a trustworthy source to trick recipients into revealing sensitive information or downloading malware.

Vishing is a similar "voice phishing" scam. It is a trick with many variations that can fool individuals and large organizations alike, with potentially catastrophic consequences.

It may seem unlikely that you would fall victim to such a scam, but by 2020, phishing, smishing, pharming and vishing cost more than $ 241.000 million to more than 54 victims. And these are only the cases reported to the FBI, as many cases of fraud are not reported to the authorities.

According to the international cybersecurity company ESET, we can take measures to avoid falling victim to voice phishing.

But first let's look at how these scams work, how they affect businesses and individuals, and then how we can protect ourselves from them.

1. The problem with social engineering

"Voice phishing" works successfully against both consumers and businesses for a very simple reason: human .

Scammers use social engineering to manipulate their victims. They pose as someone you trust - such as your bank, the technology company you work with, a government agency, a technical support worker - and give you the impression that the matter is urgent or worrying. The sense of urgency or fear that they create outweighs any natural caution or suspicion that the victim may have.

These techniques are used in phishing emails and fake text messages (known as smishing, from SMS phishing). But they may be more effective when used "live" over the phone. Vishers - fraudsters who use voice phishing techniques - have many additional tools and tactics to make their scams more successful, such as:

  • Caller ID spoofing tools, which can be used to hide the scammer's true location and even change phone numbers to make the call appear to be from a reputable organization. Last year, for example, personal information of customers of the Ritz London hotel was stolen during a breach at the luxury hotel. Fraudsters used the data to carry out social engineering attacks against victims, spoofing the hotel's official number in the process.
  • Scams that combine different tactics, which may start with a fake SMS (smishing), a phishing email or a voicemail that encourages the user to dial a number. If the victim calls, he or she will speak directly to a scammer.
  • Research on social media and open sources, where scammers can find a wealth of information about their victims. Scammers can use this information to target specific individuals (say, employees of companies with access to privileged accounts) and to make the communication appear more legitimate - that is, the scammer may disclose certain personal information to the victim in order to extract more information.

2. The impact of vishing in the workplace

In the corporate environment, vishing may be used to steal credentials. The FBI has repeatedly warned of such attacks. In August 2020, it described an advanced operation in which cybercriminals studied their targets in detail and then called them on the phone pretending to be calling from the IT department. Victims were encouraged to fill in their login details on a phishing website designed to look like the login page for the company's VPN. These credentials were then used to access the company's databases to steal customers' personal information.

Such attacks are more common in part because of the massive shift to remote work during the pandemic, the FBI has warned. In fact, the FBI was forced to issue another warning in January 2021 about an operation in which similar techniques were used to give cybercriminals access to the corporate network.

A well-known attack on Twitter, in which employees were deceived by vishers into revealing their logins, shows that even technology companies can fall victim to an attack. In this case, the access was used to breach the accounts of famous Twitter users in order to distribute a cryptocurrency fraud.

3. How can voice phishing target your family?

Unfortunately, fraudsters also use vishing to attack consumers. In these attacks, the ultimate goal is to make money from you: either by directly stealing bank account or card details, or by tricking you into giving out personal information and credentials that they can use to access these accounts.

Here are some common scams:

◦ Technical support scams

In technical support fraud, victims are often approached by someone pretending to be calling from a telecommunications provider or a known software or hardware vendor. Scammers will claim to have found a problem on your computer and then ask for a fee (and your card details) to fix it. Sometimes, the process involves downloading malware without the victim's knowledge.

◦ Sending messages to a large number of telephone numbers - Wardialing

This is the practice of sending automated voice messages to large numbers of victims, usually trying to scare them into calling back – for example by claiming that the victims have unpaid bills at or other fines.

◦ Telemarketing

Another popular tactic is the phone call in which the scammer claims you have won a prize. The only problem is that a cash deposit is required before the victim can receive the prize.

◦ Phishing / smishing

As mentioned, scams can start with a fake email or fake SMS encouraging the user to call a number. A popular scam is an email that appears to come from Amazon, claiming that something is wrong with a recent order. By calling the number, the victim will eventually be connected with the scammer.

4. How to prevent voice phishing

Although these types of scams are becoming more sophisticated, there is a lot you can do to mitigate the risk. According to ESET, these are some key steps:

  1. Remove your phone number from the phonebook so that the number is not available to the public.
  2. Do not fill in your phone number on online forms (that is, when you do on line).
  3. Be wary of requests over the phone for information about your bank, personal or other sensitive information.
  4. Be cautious - do not engage in discussions with someone calling you, especially if that person asks you to confirm sensitive information.
  5. Never call back a number that was left for you via voicemail. Always contact first the organization that the caller is supposed to represent.
  6. Use Multi-Factor Authentication (MFA) on all online accounts.
  7. Make sure email / Internet security software is up to date and includes anti-phishing features.

Written by newsbot