What is Vishing and and How to Stop it Happening to You
Voice phishing, often known as vishing, is not a new phenomenon. The term vishing refers to a type of social engineering attack that occurs over the phone rather than through other modes of communication such as email.
Vishing assaults can entail someone speaking on the telephone or a recorded voice requesting information or pressing a key on your call pad.
Vishing, like phishing and smishing, is a strategy used by hackers to obtain sensitive information, such as bank account information, or to deceive its victims into making an advance payment.
These types of attacks are on the rise in the United Kingdom; in fact, vishing attacks increased by 83% in 2020.
How do hackers trick you?
Social engineering methods such as vishing tend to play with a person’s emotions in some way, frequently utilizing scare tactics or making you believe you’ve won a special prize, because hackers know that this is the greatest way to push humans to make mistakes.
When we are told that our money is in danger, for example, our reaction is to panic and move quickly to try to remedy the situation. The hacker will persuade you to believe that they have the simple answer, which is all we want to hear in this anxious situation.
While we’re on the phone, the situation is arguably worse because we have less time to consider. To make you feel more driven to act quickly, phone fraudsters will frequently speak with urgency, using complex phrases and ‘legitimate’ organizations you may have never heard of.
There are hundreds of different vishing scams out there, so knowing when you’re being targeted might be difficult.
- Lottery/Prize Draw: You are notified that you have won a reward, but you must pay certain legal and tax expenses before your winnings are released.
- HMRC Swindling: You learn that you are due a tax refund or that a lawsuit has been brought against you.
- Bank Impersonation: You are told that there is a problem with your account and that you must update payment information or confirm private information.
- Tech Support: You are informed that your computer has a virus and that you must install software to remove it (hint: this is actually malware)
- Medical Assistance: You are informed you are entitled for a free treatment or a miracle cure, but you must give money to obtain it.
- Business Support: You are promised you may make money working from home or starting a business, but you must pay an upfront fee and possibly recruit others to join the plan before being paid for the work you do.
The list could go on indefinitely, but you get the picture. Vishing hackers can be quite smart!
Are vishing attacks hard to spot?
It might be tough to tell when you are being targeted by vishing. When you consider that 97% of targeted users are unable to detect a sophisticated phishing email, you can see how easy it is for these kind of assaults to slip under the radar and fool people.
Shrewd spoofing technology has made it much more difficult to detect when you’re being duped. Hackers can make the caller ID appear to be from a specific company or people, causing you to pick up and assume that’s who you’re speaking with.
Due of flaws in the UK telephone network protocols, hackers can take a presentation number and link it to their own, and the phone network has no way of knowing.
This can even be done from another nation; you will only see what the hacker wants you to see.
Deepfake audio and other VoIP capabilities can also assist in convincing listeners that they are being contacted by a reliable source.
Robo-calling
Some vishing attacks use automated voice messages rather than a human on the other end of the line. They are commonly referred to as robocalls, and they make it possible to reach a considerably larger number of individuals, millions every day.
They may ask you to reply to questions, starting with a simple ‘can you hear me?’. You may instinctively answer yes, but this affirmation will most likely be recorded at the other end and utilized for subsequent fraudulent operations.
You may also be requested to call a number, which can connect you to a high-cost premium line while also branding you as an active user, making you more likely to be targeted again in the future.
Some robo calls are legitimate, such as a travel or appointment reminder, but if you hear unexpected information from a recorded voice on the line and it wants you to participate, it’s always best to remain mute.
Signs of a fraudulent phone call
While vishing attempts can be sophisticated and difficult to detect, there are some warning signs you should be aware of.
In general, be skeptical of any unexpected phone call, even if it claims to be from a respectable company you trust. We’ve already shown that checking the caller ID is useless because it may match the company they claim to be.
Take a deep breath before responding if the caller is informing you that your account has been compromised. Hackers do not want you to ponder; they only want you to panic. They may speak rapidly to you and ask for details in order to keep your money safe.
On the other side, it may be fantastic news! Yet if anything seems too good to be true, it probably is. As thrilling as it is to learn you’ve won something, keep in mind that if you haven’t entered a lottery, you haven’t won it!
Reputable businesses would never ask for sensitive information over the phone, so this should always be your first red flag. Even if they aren’t asking for your banking information, your data is important and may be utilized in a variety of ways to further abuse you.
They may already have information on you and use it to try to show their credibility, but don’t be duped.
If you are unsure who you are speaking with, simply hanging up the phone is the best option. Remember that you owe nothing to the caller.
You can even tell them that you need to phone the company back for security concerns.
Then, using the phone number listed on the company’s website, you can determine whether or not you have been the victim of a vishing attempt.
Whats Next?
If you contact the organization and determine it was a vishing assault, telling them will allow them to take appropriate action sooner rather than later.
To assist in alerting the appropriate authorities, you can report cases of vishing to Action Fraud, the ICO, or via a form on the FCA’s website. They may already be aware of the problem, but if not, they can launch an investigation to prevent it from happening to more people.
Finally, use your phone provider’s phone blocking and privacy services to filter spam calls. You can also register your phone number on the TPS registry to avoid being approached by strangers.
