Watch out! Vishing is around
Vishing is a dangerously effective type of attack that relies on social engineering techniques. The attacker communicates by telephone or via voice message posing as a trustworthy company or entity to deceive the victims and convince them to take action against their interests. Like phishing and smishing, these are frauds committed by criminals taking advantage of new technologies. The only thing that changes is how they do it.
The word vishing is a mix between the union of voice and phishing. It combines phishing attacks that involve voice, whether robotic or human. Attackers can reach the victim through massive phone calls, such as a corporate call center, or leave voicemails. In addition, among the favorite topics chosen by scammers for these communications, we find references to financial or security problems of our computer or mobile device.
How does Vishing work?
Vishing is a type of computer scam in which the cybercriminal, using a mobile phone or email, pretends to be a reliable source. In an effective Vishing, the cybercriminal seeks to deceive the target and obtain their confidential data. The purpose of Vishing is to steal the identity or money of users and companies.
Despite the increasing awareness of citizens of the danger of providing confidential information over the phone or through the Internet, Vishing is a crime that affects thousands of people every day around the world.
The most skilled vishing scammers manage factors that make them sound legitimate such as the following
-
Correct information
-
Urgency
-
Phone Skills
-
Business atmosphere
Common vishing attacks
These scam calls can try to impersonate different people or find other ways to get your bank details. These are some of the most common:
Call from someone who identifies himself as a bank employee
Normally to inform the customer that a fraudulent operation is being carried out with their card or another serious incident. To solve the problem, they ask you for the card details or a unique password that you receive by SMS, and with this data, they can make purchases or a transfer. Sometimes they may even give you specific data from your accounts so that you trust them, but you should never give that unique password, as it is data that the bank will never ask you in a real call.
Computer technician
With the excuse of cleaning the computer of viruses, it requests the payment of an amount of money through a platform in which the bank details are registered. They can also take control of the infected computer to obtain your data, access electronic banking, and operate on your behalf or install malware. This trick is known as the fake tech support scam.
Commercial for a telephone company
In this method, they call to communicate an error in the invoice and ask for the bank details to make the return. They can also ask for your financial information with the excuse that your company has an agreement with the bank to make discounts. Remember, you should never give the data requested in the call because your company already has the data required to make that hypothetical return.
People interested in something you sell online: If you sell products online, scammers can pose as buyers interested in what you are selling. In this case, they try to obtain your complete bank details with the excuse to speed up the payment.
Tips to avoid Vishing
For citizens not to be victims of this type of social engineering attack, the Spanish Internet User Safety Office (OSI) and the Spanish National Cybersecurity Institute (INCIBE) recommend considering the following tips:
-
Avoid sharing personal information.
-
Be wary of calls from unknown numbers or with suspicious numbering.
-
Check the authenticity of the call.
-
Use call tracking apps.
-
Always contact the official phone numbers of the entities.
-
Avoid remote access tools.
Finally, it is logical that cybercriminals investigate us and know our name, address, telephone number, and email address. Therefore, it is essential to be cautious when sharing, facilitating, or publishing sensitive data on the Internet that may be useful to you.
We hope that this article helps you to avoid suffering Vishing. If you require advice with cybersecurity, contact us and if you are interested in more content, do not forget to visit our blog.
NEW COMMENTS
Comment Guidelines:
All comments are moderated before publication and must meet our guidelines. Comments must be substantive, professional, and avoid self promotion. Moderators use discretion when approving comments.
For example, comments may not:
• Contain personal information like phone numbers or email addresses
• Be self-promotional or link to other websites • Contain hateful or disparaging language
• Use fake names or spam content
Your privacy is important to us. Check out our Privacy Policy.