What is “Vishing”?
Having explained Phishing in the previous TIP, we continue with the cyber-attack techniques within social engineering and look at the second of them: Vishing.
The term “Vishing” is formed by the union of the words “Voice” and “Phishing”. Cybercriminals use a phone call, or a voice or video call over WhatsApp, Telegram, Skype or similar, to carry out the scam.
The most common techniques are:
- Impersonating a customer, user or citizen service agent of any entity, public or private, in order to manage debts or invoices: They usually inform the victim that a supposed erroneous or unpaid charge has been made or detected, and request the victim’s credit card information to pay the difference then and there.
- Impersonating a computer technician: Fraudsters call about a computer problem or update, pretending to be support technicians from the victim’s company or an acquaintance, under the pretext of checking the computer or cell phone remotely. In this way, they could take control of the device.
- Calling to ask for a person from the company or entity, especially from Senior Management: They almost always ask for contact information, with the excuse of a meeting, visit or matter to be discussed. It is preferable not to provide it, to take note of the caller, and to say that the person they are asking about will call back if he/she recognizes the contact.
Throughout this year, we will explain different existing Vishing techniques, from calls made to record our answers and thus impersonate our identity, to requests for information or money to help a supposed acquaintance, friend or family member in trouble, who happens to be unable to speak at that moment.
But for now let’s look at some common recommendations to keep in mind.
How can we avoid this?
- Use common sense: Would you give your personal, professional or bank details to a stranger on the street? Why do it over the phone then?
- The golden rule is still to be wary of any unusual communication and to “double check”: To be sure, we should reach the original contact through other official means.
- Do not do anything requested until you have checked the above. If the call seems suspicious, or even if “hidden number” or “unknown” appears on the screen, do not pick it up: If you have already answered and the conversation is out of the ordinary, hang up directly.
- Check the internet to see if the number from which the call was made has been used in other scams: Sometimes you can find forums in which other affected users have warned about that contact.
- Nowadays any mobile device has a button to block a contact, and video call platforms even offer the option to report it: This will not prevent them from trying again through another phone number, but at least we will have contained the first scam attempt.
- If you believe that you have provided personal or professional information that you should not have disclosed by this means, notify the IT Department, CISO or DPO in the work environment and report it to the police authorities in the personal environment.

