Vishing is a term used to describe voice solicitation, a method using the telephone in an attempt to scam the user into surrendering private information that will be used for identity theft. The goal of this type of manipulation is driven by the hacker’s desire for monetary gain since any information they may obtain about you can be used maliciously to gain access to your accounts, rack up debt, open new accounts in your name or sell your identity for a profit.
Watch this video to understand more about how vishing is done:
So, how does Vishing even happen?
There are three ways that Vishing typically occurs:
1. The hacker may personally call you and pose as a trusted individual or service provider (i.e. a help desk, customer service, and/or tech support) urging you to take action on an issue or requesting more personal information from you. The most common vishing attempts appear as if you are being contacted by your bank, a government organization (such as the IRS), law enforcement, cell phone provider, or to help you collect the winnings of a prize/contest.
2. The hacker may pose as you by “spoofing,” or forging your number to look like they are making a call that is coming from you. They will use this convincing trick to call an individual or service provider and manipulate them into providing sensitive information about you/your account to the hacker – this could compromise your identity, bank accounts, credit cards, etc..
3. The hacker may spoof their number to appear like they are calling from the local area in which you live. This neighborhood vishing attempt relies on many people’s tendencies to answer a number if it appears that it could be from an old friend or someone they may know.
Vishing is affecting more and more people everyday and is gaining popularity among hackers as a preferred type of social engineering.
5 Tips to Protect Yourself from Vishing
1. Watch out for phone calls and text messages
Exercise caution when answering the phone, especially when not expecting a call. This also goes for text messages and voicemails. Hackers will sometimes try to infiltrate your phone by leaving threatening messages by text or voicemail. They may claim to be your service provider and ask for you to call or text them back requesting that they need you to verify personal information in your account. Keep in mind that banks will NEVER ask you for your personal pin, passwords, bank numbers or other info. Similarly, the IRS will never call you demanding payment on taxes owed without first having mailed you a bill. Hackers will try to call and pretend that they are calling from credit cards, banking, or phone service providers, etc.
2. Initiate the Call
If you receive a phone call from a service provider that seems a little phishy, don’t feel obligated to engage in conversation. Instead, hang up and do a search for the company’s official number (not the number you were called from). Use the publicly noted contact information either on the company’s website, an account statement or on the back of your card.
3. Register your phone with National Do Not Call registry
Consider registering your number on the National Do Not Call List to make it harder for you to be a victim of unwanted calls. You can also report unwanted calls on this site. https://www.donotcall.gov/
4. “My Password Was Changed?”
Be aware of password change notifications that you may receive for your accounts and also keep an eye on your account statements. Make sure that you do not reuse the same password across accounts and that you create passwords that are not easily guessed.