This article is from Trend Micro.
Vishing (a term created from “phishing” and “voice”), is a type of social engineering scam where attackers call victims over the phone under the guise of someone else, and with the intent to steal personal information and/or money.
Vishing frequently occurs in the form of an urgent, frequently coercive, telephone call — say, the victim’s account was “compromised”, and the caller requires a PIN number to authenticate their identity. They may also claim to be calling on behalf of a government body, like the IRS or the Social Security Administration. “Friendlier” vishing attempts will instead go the other route and inform the victim of some prize they’ve won.
The success of vishing revolves around social engineering — exploiting the victim’s psychology to persuade them to carry out an act. Vishing perpetrators employ either threats or rewards to make victims feel they have to comply. Victims are often targeted through threatening voicemails, where the prospect of court cases and frozen accounts are frequently raised.
Vishing scammers also use caller ID “spoofing” to trick victims into believing a phone call comes from a place it does not — say, a legitimate business or a government office. Lastly, fraudsters may utilize personal information that they have obtained elsewhere (i.e., the dark web) in order to appear more professional — to defend against this possibility, we recommend Trend Micro ID Security.
Ultimately, despite advancements in technology, vishing attacks are still used by criminals because rapid, smooth talkers are as dangerous as they were 1,000 years ago. Vishing comes in different forms, but the goal is the same — to deceive the victim and extract information and/or money.
Vishing is a rapidly growing threat, up 550% from Q1, 2021 to Q1, 2022. The following list contains the main types to look out for.
A marketer will inform you that you’ve won a prize. In order to receive the prize however, you’ll need to confirm your address and/or other details. (Gift cards are another variety.)
Your computer is taken over by an alert warning you that a virus has infected and disabled the machine. You’ll need to call the number to solve the problem, at which point the scammers will attempt to take control of your machine.
A government employee from an office such as the IRS will tell you that there’s some kind of problem. To proceed, you’ll just need to verify a few details.
A bank employee will call to inform you that there’s a problem with your account. In order to fix it, they will first need your details.
A tech support agent will tell you that they’ve found an issue with your device. They may offer to send you a solution via email — this will contain a malicious phishing link.
You receive a voicemail SMS alert. If you open it, you are in danger of downloading malware to your phone.
Scammers know people are more likely to answer a call from their local area, and have the ability to create fake/duplicate numbers for this purpose.
A salesperson will offer you a too-good-to-be-true deal on some type of service or device. Of course, they will first require your details!
Follow these tips and you’ll radically reduce the chances of falling victim to a vishing scam:
Source: pexels.com
