What Is Vishing?
Sometimes a call can be dangerous. Thieves are using various types of phone scams to trick people into giving away money and personal information.
You may have recently gotten a call from someone claiming that your taxes are late or that your Social Security Insurance has been compromised. If so, you may have been targeted by a vishing scam. These types of scams are numerous and come in many different forms.
If you haven’t been targeted by vishing scams yet, it is important to know what they are, how to identify them, and how to stay safe. Here’s what you need to know about vishing.
What is a vishing attack?
Vishing, also called phone call spear-phishing or phishing voice calls, is a form of social engineering. It is the act of using human interaction and manipulation to obtain sensitive information about a person, organization, or its computer systems, said Nick Santora, CEO and founder of Curricula, a security awareness training platform.
To put it simply, the hacker finds out information about you, calls you pretending to be a company or someone that you trust, and uses that trust to steal information about you such as your social security number, bank account number, credit card information, or even passwords to your work accounts.
“Hackers rely heavily on information gathering. A simple online search, reviewing your social media accounts, and even looking through your garbage are just some of the ways bad actors can gather information about you,” said Santora.
A study of 5,000 mobile phone subscribers in the United States in 2019 found that 75 percent of phone scammers already had personal information about the person they were targeting. They used this data as a way to trick their vishing victims.
Scammers also often use another form of trickery when vishing. They use apps to make calls so that your phone’s caller ID says that the calls are coming from a trusted source. This is a scamming technique called number spoofing. If you receive a phone call from any of these area codes, hang up immediately.
What is the difference between phishing, smishing, and vishing?
A scam is labeled depending on how the scammers gather their information. According to Santora, phishing gathers information via a phishing email, social media, or other online channels. Vishing, on the other hand, uses a phone conversation to gather sensitive information from victims. SMS phishing (smishing) is when a hacker uses text messages instead of voice or online means to try and obtain sensitive information.
Why are vishing attacks so common?
“Vishing social engineering tactics are widely regarded as one of the largest cyber threats today,” said Santora. According to the Federal Bureau of Investigation (FBI), one of the reasons vishing is so popular is because more and more people are working at home during the COVID-19 pandemic. At home, security measures are typically laxer, allowing hackers to access the information they need more readily. Also, with more people working from home, scammers have increased opportunities for catching people off guard—a situation they are exploiting, noted digital privacy expert Ray Walsh.
Scamming workers through vishing became so popular that in mid-2020, the FBI and Cybersecurity and Infrastructure Security Agency issued an advisory about it.
One example of vishers exploiting workers happened in July 2020. More than 100 Twitter accounts were breached using a simple vishing tactic. To get access into the accounts, the hacker called members of Twitter’s staff and tricked them into giving away login information of high-profile accounts, including President-elect Joe Biden (who was candidate Biden at the time), former president Barack Obama, Elon Musk, Jeff Bezos, Bill Gates, Kanye, and Kim Kardashian. The hacker then used the accounts to try to get their followers to send him Bitcoins. The scammer ended up with more than $100,000 but ended up being apprehended by authorities not long after.
Overall, hackers find vishing a fast, effective way to scam, especially since they cannot be stopped with technology alone. There is really no way to track or stop these calls before they happen.
How to recognize a vishing attack
Vishing attacks can come in many forms. Knowing some of the more popular ones can help you identify when a caller is trying to vish you.
Here are some more common vishing scams:
The caller says they are from a government service (IRS, Social Security Office, etc.) and asks for private information or a payment of some sort.
The person on the line claims you won a prize, but you don’t remember entering the contest.
You get a call from your bank stating that you need to give them your online passwords or other personal information.
There is a call from your children’s school and the person on the other end needs your child’s or your personal information or payment for an unexpected expense.
The caller wants you to purchase gift cards.
Someone calls you claiming to be from the business where you work and requests login information to the company’s programs.
What to do if a scammer calls you
Now that you know the common forms of vishing, there are some things to remember when you’re on the phone.
Santora offers these tips:
Call back. Verify the authenticity of a caller by using alternative methods such as hanging up and calling back a verified business line or visiting the website of the organization directly.
Slow down. A visher will often try and convince you that they have your sensitive information already, then ask you to quickly verify it. Slow down and do not give out sensitive information to an unknown caller.
If asked to disclose sensitive information, stop and ask yourself, “Do I really know who is making this request?” When you don’t feel comfortable providing information, don’t. Being safe with sensitive information does not mean you’re being rude.
Hackers want you to act before you think. Don’t allow them to change your behavior based on a false sense of urgency. When you feel that something isn’t right, stop and verify the authenticity of the request.
Also, always be wary of any questions that could cause you to say “yes.” Scammers have been known to use recordings of people’s voices to trick them into believing they have entered verbally into a contract. Scammers usually use these voice recordings as leverage to make the victim pay an outstanding balance, said Walsh.
Most importantly, if you feel like you’re on the phone with a scammer, hang up. Be especially wary if you receive any of these 10 phone call scams.
- Nick Santora, CEO and founder of Curricula
- First Orion: “First Orion Reports Scam Callers Now Leveraging Data Breaches In New “Enterprise Spoofing” Strategy”