22ND SEP 2023
Ever heard of the expression that a fool and his money are soon parted? While this phrase may have been coined in the 16th century, it remains as relevant as ever. To understand this, we need to learn about what is vishing.
Last year, Amanda Law of Stoney Creek, Ontario, was contacted by someone claiming to be from her bank. The person on the other end of the telephone had so much information on Amanda that she thought the call was legitimate. Law told CTV News that she was persuaded to give the caller her bank details after he told her that her account had been hacked and she needed to act immediately by transferring her money.
That day, Amanda lost $12,000 to a vishing scam.
Vishing, also known as voice phishing, is a cybercrime that relies on impersonating people or organizations over phone calls to gain access to privileged information. This technique is used to target individuals as well as organizations.
Today, we will help you understand how this scam works and what you can do to avoid falling victim to it. We will also look at four ways fraudsters use vishing to get what they want.
To convince their victims, cybercriminals use elaborate social engineering tactics designed to give up the information they want. With that information, they can empty bank accounts, steal your social media identity, and much more.
A vishing attack begins with a scammer impersonating an employee of an organization. They can then call on the CEO’s behalf, ordering the victim to pay funds. The criminal can request money in various ways. It could be for an outstanding invoice or even an emergency funds request transfer.
Cybercriminals who use vishing rely on a mixture of persuasion techniques and threats to corner their victims. The target believes they have no choice but to do what the scammer at the other end of the phone says.
TrueCaller estimates about 33% Americans fell victim to vishing in 2022.
Social engineers continue to develop the most elaborate ways to trap their targets over the phone. We'll look at the four most common vishing methods today.
Don't forget to hover over the cards to see more information:
Wardialing is a technique where automated software dials a range of phone numbers to identify vulnerable or unsecure lines. It helps attackers find potential targets for unauthorized access or exploitation.
This is a type of cyber attack where scammers use Voice over Internet Protocol (VoIP) technology to deceive individuals into revealing sensitive information, often by impersonating trusted organizations or individuals over phone calls.
Dumpster diving refers to searching for valuable or confidential information through trash or discarded materials. Attackers may engage in dumpster diving to obtain discarded documents, such as invoices or financial statements, which can be used for identity theft or other malicious purposes.
Caller ID spoofing is a technique scammers use to manipulate or falsify the information displayed on the recipient's caller ID. By spoofing their phone number, attackers can make it appear as if the call is coming from a different number or a trusted entity, deceiving the recipient into answering the call or revealing sensitive information.
Phishing can be controlled with modern technological countermeasures. However, the same can’t be said for vishing. Because it involves a phone call, most organizations are not equipped with the means to listen to calls or the ethical concerns that come with it.
To counter this problem, some countries have made it mandatory for telecom companies to implement an industry-standard anti-spam call technology. One of these examples include the STIR/SHAKEN framework, which can authenticate and validate VoIP voice calls. These measures make it easy to report and block vishing calls.
In the absence of such measures, most vishing attacks can be nipped in the bud by following some simple rules:
You have learned about what is vishing and its destructive potential at the hands of con artists. Given how much we rely on phone conversations on a day-to-day basis, it is crucial to remain vigilant, recognize red flags, and avoid disclosing personal information that can be used by a visher to steal your identity and commit fraud.
How to defeat voice phishing scams? Follow these rules:
Here are some important things to do if you believe a visher has approached you:
