Cybercriminals never rest. It is always a game of cat and mouse between them, their victims, and the authorities trying to stop or deter their attacks. And now they are accelerating the use of a newer type scam – vishing or voice phishing.
Most of us by now are familiar with the scam of phishing – where a scammer gets access to information through the use of email. Vishing on the other hand, uses phone numbers to get you to share sensitive information about yourself or the company you work for.
And what is making this form of scamming so effective is that while organizations have trained their employees on how to spot phishing emails, very few are training for how to spot and report vishing phone calls or text messages.
Scamming is a numbers game. The more voice or text messaging media is being used, the higher the percentage that there will be a victim. With text messaging coworkers on the rise, but still far from pervasive, vishing is the perfect attack system for today.
With vishing, two common strategies are in use today. With the first one, cybercriminals send out text messages to a long list of phone numbers that they may have purchased legitimately … or acquired from another scammer. In the written message, they ask for the individual receiving the message to contact the requestor or they may ask the receiver for more information or to reply back with the information requested.
In the second scam, they pose as someone you trust whether inside or outside of the company, and they use that trust to persuade you to share either personal or company information such as bank details, transfer funds or passwords, or other harmful financial, personnel, or company details or actions.
The scammer could pose as a representative from the victim’s bank; an employee’s spouse; their employer requesting them to contact HR or IT – the possibilities are as endless as the numbers in your address book.
What to Do
First, never share personal, financial or company information with someone you don’t know – period. Next, even if you receive a request for information from someone you know, verify the requestors identity before releasing that information. If you think it might be a vishing attempt, report the incident and details to your company’s IT department.
Stay situationally aware. Think about why person would call you out of the blue? Ask yourself about what information they are asking for and why they would want that information (or what damage they could do with that information). And finally, think about why you would want to share that information with that person.
Err on the side of caution and question everything when it comes to phone calls and text messaging. Vigilance is the best tool available to prevent from being a victim of vishing – or any other cyber scam.
