Read Time:4 Minute, 18 Second
“Vishing” occurs when criminals cold-call victims and attempt to persuade them to divulge personal information over the phone. These scammers are generally after credit card numbers and personal identifying information, which can then be used to commit financial theft. Vishing can occur both on your landline phone or via your cell phone.
The term is a combination of “voice,” and “phishing,” which is the use of spoofed emails to trick targets into clicking malicious links. Rather than email, vishing generally relies on automated phone calls that instruct targets to provide account numbers. Techniques scammers use to get your phone numbers include:
Data Breaches: Scammers often obtain phone numbers from data breaches where personal information is exposed and sold on the dark web.
Public Records: Phone numbers can be found in public records, such as court documents, voter registration lists, and property records, which are often accessible online.
Social Media: Many people share their contact information on social media profiles or posts, making it easy for scammers to collect phone numbers.
Online Surveys and Contests: Scammers create fake online surveys or contests that require participants to enter their phone numbers, which are then harvested for vishing.
Dumpster Diving: Physical documents thrown away without shredding, such as old phone bills or bank statements, can provide scammers with phone numbers. Once a visher has the list, he can program the numbers into his system for a more targeted attack.
Wardialing: A visher uses an automated system to target specific area codes with a phone call involving local or regional banks or credit unions. When someone answers the phone a generic or targeted recording begins, requesting that the listener enter a bank account, credit, or debit card number and PIN.
Once vishers have phone numbers, they employ various strategies to deceive their targets and obtain valuable personal information:
VoIP: Voice over Internet Protocol (VoIP) facilitates vishing by enabling vishers to easily spoof caller IDs, use automated dialing systems, and leverage AI-powered voice manipulation, all while operating from virtually anywhere with an internet connection. This combination of technologies makes it easier for scammers to appear legitimate and efficiently target numerous victims.
Caller ID Spoofing: Caller ID spoofing works by manipulating the caller ID information that appears on the recipient’s phone, making it seem as though the call is coming from a trusted or local source. Scammers use specialized software or VoIP services to alter the displayed number, which can mimic the number of a reputable institution, such as a bank or government agency.
Social Engineering: In live calls, vishers use social engineering techniques to build trust and manipulate the target into divulging personal information. They might pose as customer service representatives, tech support agents, or officials from financial institutions to convince you to hand over personal information.
Voice Manipulation Technology: Advanced AI-powered voice manipulation tools can mimic the voices of known individuals or create convincing synthetic voices, adding credibility to the call.
Urgency and Threats: Vishers often create a sense of urgency or fear, claiming immediate action is required to prevent serious consequences, such as account closure, legal action, or financial loss.
To protect yourself from vishing scams, you should:
Educate Yourself: Knowledge is the key to defending yourself from vishing. The more you understand it, the better off you’ll be, so read up on vishing incidents. As this crime becomes more sophisticated, you’ll want to stay up to date.
Use Call Blocking Tools: Utilize call blocking and caller ID spoofing detection tools offered by your phone service provider or third-party apps to filter out potential scam calls.
Be Skeptical of Caller ID: With phone spoofing, caller ID is no longer trustworthy. Since caller ID can be tampered with, don’t let it offer a false sense of security.
Do Not Share Personal Information: Never provide personal information, such as Social Security numbers, credit card details, or passwords, to unsolicited callers.
End the Call: If you receive a phone call from a person or a recording requesting personal information, hang up. If the call purports to be coming from a trusted organization, call that entity directly to confirm their request.
Report Suspicious Activity: Call your bank and report any fraud attempts immediately, noting what was said, what information was requested, and, if possible, the phone number or area code of the caller. Also report any suspicious calls to relevant authorities, such as the Federal Trade Commission (FTC), to help prevent others from falling victim to the same scams.
Staying vigilant and informed is your best defense against vishing scams. By verifying caller identities, being skeptical of unsolicited requests for personal information, and using call-blocking tools, you can significantly reduce your risk of falling victim to these deceptive practices. Additionally, investing in identity theft protection services can provide an extra layer of security. These services monitor your personal information for suspicious activity and offer assistance in recovering from identity theft, giving you peace of mind in an increasingly digital world. Remember, proactive measures and awareness are key to safeguarding your personal information against vishing threats.
The post How to Protect Yourself from Vishing appeared first on McAfee Blog.