Scorpiones Group

What is Vishing? Voice Phishing Scams Explained & How to Prevent Them

Most of us have been trained to be careful about clicking on links and attachments that arrive unexpectedly in emails,
but it’s easy to forget that scam artists are constantly dreaming up innovations to improve their phishing scams.
Think you’re too smart to fall for one? Think again: Even technology experts are getting taken in by some of the more recent schemes.

What is vishing?
Impersonating a person or legitimate business to scam people isn’t a new thing. Vishing is simply a new twist on an old routine.
In fact, vishing has been around almost as long as internet phone service.
The word ‘vishing’ is a combination of ‘voice’ and ‘phishing.’ Phishing is the practice of using deception to get you to reveal personal, sensitive, or confidential information.
However, instead of using email, regular phone calls, or fake websites like phishers do, vishers use an internet telephone service (VoIP).

Using a combination of scare tactics and emotional manipulation, they try to trick people into giving up their information.
These vishers even create fake Caller ID profiles (called ‘Caller ID spoofing’), which make the phone numbers seem legitimate.
The goal of vishing is simple: steal your money, your identity, or both.

Common Vishing Techniques
By spoofing a legitimate phone number, scammers lead people to believe the call is legitimate.
At the same time, since you know that they can do this, you can’t even trust Caller ID.
Yet even if you don’t answer the phone, they leave voice messages to provoke a response – you’ll return their call and give up your information.

Vishing Examples
Vishing can take several forms.
One form targets your bank account or credit card account. For example, you might get a call with a message such as:

Your account has been compromised. Please call this number to reset your password.

The visher hopes you’ll hear the message and panic.
Typically, when you dial the number they leave, you hear an automated recording which asks for information like bank account numbers and/or other sensitive information.

Another example: some organizations have an entrance gate that opens when you call a certain phone number.
The system recognizes the Caller ID as an approved number and opens the gate.
This method is used by “Red Team Operations” to test your organization’s physical security. Physical Penetration Testing is one of the most important aspects of Information Security.
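
The gate check described above, next to a hardened variant, as an added example that is not part of the original article. The phone numbers, PINs, and function names are constructed for illustration; the hardened version treats Caller ID only as a lookup key and requires a keypad PIN as the actual credential.

```python
import hashlib
import hmac

def pin_hash(pin: str, salt: bytes) -> bytes:
    # Slow, salted hash so a leaked table does not reveal the PINs.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

# Constructed sample data: numbers from the 555-01xx range reserved for fiction.
APPROVED = {
    "+12025550100": (b"salt-a", pin_hash("482913", b"salt-a")),
    "+12025550101": (b"salt-b", pin_hash("770245", b"salt-b")),
}
MAX_FAILURES = 3

def open_gate_weak(caller_id: str) -> bool:
    """Weak: the Caller ID presented by the network is the only credential."""
    return caller_id in APPROVED

def open_gate_hardened(caller_id: str, keypad_pin: str, failures: dict) -> bool:
    """Caller ID only selects the account; the keypad PIN is the credential."""
    entry = APPROVED.get(caller_id)
    if entry is None or failures.get(caller_id, 0) >= MAX_FAILURES:
        return False  # unknown number, or locked out until staff reset it
    salt, stored = entry
    # Constant-time comparison avoids leaking how much of the hash matched.
    if hmac.compare_digest(pin_hash(keypad_pin, salt), stored):
        failures[caller_id] = 0
        return True
    failures[caller_id] = failures.get(caller_id, 0) + 1
    return False

if __name__ == "__main__":
    failures = {}
    print(open_gate_weak("+12025550100"))                          # Caller ID alone
    print(open_gate_hardened("+12025550100", "000000", failures))  # wrong PIN
    print(open_gate_hardened("+12025550100", "482913", failures))  # correct PIN
```

The lockout fails closed: after three wrong PINs the gate stays shut for that number even when the correct PIN is entered, until the counter is reset.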

Vishing is not only Voice Phishing. Scammers don’t stop there: they will use a combination of methods to get the information they want. For example, they may spoof the address of an email that appears to be sent by the IT Department, warning of a security breach that should be fixed by downloading the “New Security Update” attached to the email.
Then the scammer will spoof the Caller ID of the recognized IT Department number and call to reassure the employee that the email is real and that they should install the security update, which contains malware.

Vishing - Voice phishing
What is vishing banking?
A vishing banking scam is a vishing attack that involves a call from someone who says they’re from your bank or some other financial organization.
They may tell you that there is a problem with your account or with a payment from your account.
They might ask you to transfer money to a different account to correct the problem. However, all they’re doing is taking your money.

What is a phishing phone call?
A phone call from someone pretending to be from a bank, credit card company, debt collector, charitable organization, healthcare provider, or even the IRS.
Their objective is tricking you into giving sensitive information over the phone.
If you give them your information, they can access your financial accounts or steal your identity.

What is the difference between phishing and vishing?
Phishing can take many forms, such as a phone call, email, or phony website.
In comparison, vishing uses internet phone services (VoIP) to complete the scam.
Often, this includes ‘spoofing’ the phone number of a real business or company.

When vishers spoof a legitimate business and customers are affected, the company suffers.
Even though the actual business had nothing to do with the vishing scam, the company’s reputation, brand, and image could be negatively impacted.

How to Prevent Vishing
There is no need to be paranoid about becoming a victim of vishing. At the same time, it pays to be careful.
To help you prevent vishing, our team at Scorpiones has compiled a few specific steps:

  • Be aware – Knowing how these thieves operate can help keep you from getting scammed.
    Always remember that legitimate businesses don’t make unsolicited requests for personal, sensitive, or financial information.
    Anyone who does this over the phone is probably trying to scam you.
  • Don’t give in to pressure – If someone tries to coerce you into giving them sensitive information, hang up.
  • Don’t answer phone calls from unknown numbers – It is tempting to answer calls from unknown numbers. You might even think, ‘What if it’s an emergency and someone needs me?’ Be aware that anyone who’s calling you with a real emergency will leave a message.
  • Stay calm and don’t panic – Since these criminals frequently play on your emotions, keep a cool head and hang up the phone.
    If you still feel afraid, wait 10 minutes and then call your bank, credit card company, or whoever the caller claimed to be.
    Then verify whether there is a real problem.
  • Be skeptical at all times – Even if your Caller ID gives the name of a bank, charity, or some other company or organization, it could be a trick.
    Security won’t call you to request that you change logins, passwords, or network settings. Any caller who makes this type of request is probably a scammer.
    Refuse the request and notify security.

You don’t have to be a victim of vishing.
Stay safe and be wary of vishers! If you’re a business, be on the alert.
Vishers are always planning their next scam.
Be vigilant and take precautions to prevent your business from being the next victim.
We also suggest that you contact us about protecting your employees from Social Engineering and Phishing.
For more information about vishing protection, contact us now.

Tags: Vishing Phishing Social Engineering Red Team
