Top 5 Vishing Attacks and How to Avoid Them
Vishing is a type of social engineering attack in which an attacker uses voice communication technology to trick people into revealing sensitive information or performing an action. The term “vishing” is a combination of “voice” and “phishing,” which refers to a similar type of attack that uses email or text messages.
In a vishing attack, the attacker typically calls the victim and pretends to be someone trustworthy, such as a bank representative or IT support person. The attacker then tries to get the victim to reveal personal information, such as credit card numbers, passwords, or account details. They may also use fear tactics or urgency to pressure the victim into taking action, such as transferring money or installing malicious software on their computer.
Vishing attacks are becoming increasingly sophisticated, with attackers using techniques such as spoofing the phone number to make it appear as if the call is coming from a legitimate source. It is important to be cautious when receiving unexpected calls from unknown numbers and to verify the identity of the caller before giving out any sensitive information.
Banks and Financial institutions
Scammers will frequently pose as your bank or credit card provider, claiming that there is a problem with your account and that your payment information needs to be updated.
They may also inform you that your money is at danger in some way in order to elicit immediate action and obtain the information they require, such as your account information or your PIN.
It is critical to understand that banks would never ask for these details over the phone. You can’t rely on caller ID however, because clever number spoofing technology might make the call appear to be coming from your bank.
This vishing attack is widely used, but it also works. According to reports, banks clients would lose roughly £58 million to vishing scams in 2020.
Most of us would know someone who has received a call from HMRC, stating that a lawsuit has been filed against them or that you are due a tax refund but need to confirm some data.
Naturally, hearing the term “lawsuit” causes you to panic and makes you more ready to comply with whatever is required to resolve the problem.
Hackers prefer to target old or vulnerable persons because they are less likely to recognize a scam.
When you receive these calls, the best thing you can do is hang up immediately and report the issue to Action Fraud. Providing call details such as the number where the call came will help specialists in investigating and shutting down these scammers.
Computer repairs and improvements
Another popular vishing scam is a call from a well-known IT or tech organisation, such as Microsoft, saying that your machine has been infected with a virus.
They may give you precise instructions to correct it, which may include mailing you software to download or redirecting you to a false site to download it – spoilers – they’re most likely attempting to install malware on your PC. They may then persuade you to change specific settings, making your machine even more vulnerable to further hacking.
The caller may use a lot of technical jargon to confuse you but make you think they must know what they’re talking about with these types of vishing calls. Reputable tech companies, on the other hand, would never approach you in this manner and will never force you to install anything that they send you!
Healthcare vishing scams
These vishing scammers may pose as your GP surgery, the NHS, Public Health England (PHE), or the World Health Organization (WHO).
There was a significant surge in covid-related vishing attempts throughout the epidemic, frequently involving claims of a free test or treatment.
If it is a recorded voice message, it may ask you to contact a number, but be aware that doing so may link you to an extremely expensive premium line. Speaking with an operator, on the other hand, may result in the disclosure of private information or banking details.
Some medical-related vishing scams may claim treatments or drugs without requiring a prescription. Before taking any action, always consult with your doctor or pharmacist – if it seems too good to be true, it usually is!
Advance fee fraud
This form of vishing scam might entail a variety of scenarios, but they all involve being requested to pay a significant upfront charge for products or services that, of course, never materialize.
One sort of advance fee fraud is the promise of a PPI refund. You may be contacted out of the blue by an apparent authoritative body, such as the FCA, and informed that you are entitled to a PPI refund. To release the funds, however, you must first make a payment.
They may request that this payment be made in the form of a voucher or through a money transfer business to avoid the payments being traced. This should always raise a red flag.
Other types of advance fee fraud include rental fraud, in which you are asked to pay an upfront fee for a non-existent property, loan scams, in which a fee is required to cover the insurance for a (fake) loan, and even fictitious lottery winnings, in which payments and personal information are required to release your winnings.
Always be aware of organizations who request payment over the phone. To verify the legality of the call, it is better to hang up and contact the company directly. Report it to Action Fraud if it is a vishing scam.
How to avoid vishing scams?
Unfortunately, with phone numbers so easily available to hackers nowadays, it’s difficult to totally avoid being targeted by a vishing scam, but there are things you can be extra cautious of when taking an unexpected phone call and precautions you can do to protect yourself:
- Never give out any personal or financial information over the phone. They may speak quickly and use jargon to attempt to convince you to agree, but always think before you speak.
- Don’t rely on caller ID. Phone numbers can be impersonated.
- If you are unsure whether the organization is real, hang up and call their actual number to confirm.
- Sign up for the telephone preference service (TPS)
- Inquire with your phone company about specific privacy services.
- Utilize your smartphone’s ‘block number’ option.