Vishing is a communications scam in which an individual or a business receives a phone call from a criminal who is posing as a representative of a trusted organization (such as a bank, insurance provider, IRS, etc.) in order to obtain critical personal and financial information. In fact, vishing is one of the most common security threats Voice over Internet Protocol (VoIP) users face. While it is less technologically sophisticated than other threats (such as the recent cyber attack against Dyn that disrupted most of the East Coast’s internet), it can cause just as much damage if not detected and stopped.
In this article, let’s take a look at some of the most common vishing tactics criminals use as well as ways to protect your business.
Vishing scams can be carried out in several ways. In most cases, hackers use VoIP or cellular phones to contact people and trick them into giving up sensitive information. Typically, they also use caller ID spoofing to make it appear as if the call is coming from a legitimate phone number. This technique is similar to email spoofing, in which email addresses are disguised to look as if they come from a trusted source.
Most vishing attacks follow the same pattern:
- Scammer places a phone call, identifying himself as a representative of a trusted company.
- Scammer informs you that there is a complication regarding your account or transaction or that you have been flagged for fraudulent activity. Scammer then proceeds to ask for sensitive information, including mailing address, bank account information, credit card numbers, passwords, etc.
- Scammer ends the phone call once he or she has obtained all the relevant information he or she needs.
Some criminals also trick unsuspecting businesses by using a combination of vishing and phishing (fraudulent emails and/or malicious links). These scams include sending businesses an email notifying them of a problem with their online account. The email then provides users with instructions to call a number and provide relevant details to verify their account and fix the problem.
Fortunately, like most threats against VoIP, vishing can be prevented and stopped. Here are a few helpful tips:
- Be aware. Awareness is your first and strongest defense against vishing. By knowing that such scams exist and by educating your employees about them, you can keep scammers away and discourage them from targeting you.
- Never divulge critical company information over the phone.
- Verify the caller’s identity. If someone asks for sensitive business information, make sure to ask for their name, position, and the company they work for first. Tell them you will call them back and then verify whether the company or the caller is indeed legitimate. Doing so also helps alert the company to such fraudulent activity.
- Be suspicious of unknown numbers. Activate filters to block callers from suspicious numbers or use call recording to make a copy of conversations with possible scammers. Also, consider blacklisting the number if the scammer persistently contacts you.