What is vishing? Tips for spotting and stopping it
Vishing (or voice call phishing) can affect anyone who owns a phone. Similar to other types of phishing, vishing heavily relies on social engineering to trick victims into revealing personal information. Voice scams are highly sophisticated, and even experienced netizens might fail to identify them before it is too late. Here’s what you need to know about vishing and how to defend against it.
What is vishing?
Vishing (a combination of “voice” and “phishing”) is an attempt to gain valuable information through a phone call. For these deceptive maneuvers, cybercriminals practice social engineering to take advantage of people’s emotional reactions. They use personalized calls or robotic voicemail messages to cause a sense of urgency and fear. Sometimes, the intended effect is the opposite – to trigger curiosity or even excitement.
Voice phishers can pretend to be representatives of government entities, banks, reputable organizations, or even family members. Regardless of the pro-claimed source, vishing aims to convince the victim to give out personal information. Private details such as Social Security numbers, credit card details, PINs, or passwords pave the way for identity thefts and financial frauds.
Common vishing techniques
Most vishing attacks rely on caller ID spoofing, which makes the call appear as if it’s from an official source. This method can also localize the number to make you more compelled to pick it up. For these calls, attackers can use convincing vocalization synthesis, such as robotic voice messages. However, some fraudsters prefer to do things the old-fashioned way and masquerade under some very persuasive playacting.
Thanks to a new technology known as “deep fake,” scammers often use artificial-intelligence-based vishing. This terrifying voice generation software can impersonate the voice of a particular person. So, such ultra-realistic voice cloning can make the fake calls even more difficult to recognize.
How does vishing work?
Imagine you receive a call from a number registered in your area, or it shows the name of a company you instantly recognize. Thinking it’s someone authoritative, you pick it up. A slightly robotic voice informs you that someone made fraudulent transactions from your bank account. To secure it, you need to call the given number as soon as possible – your money is at risk.
You need to confirm your identity and ownership of the compromised account when you call the provided phone number. You agree to share your account information and credit card details to resolve the security issues. In reality, you’ve just given the most sensitive information to the con artist directly and fallen victim to a vishing attack.
Vishing attack examples
Although vishing can take several forms, here are some of the common techniques:
- Bank fraud. Alleged fraud or suspicious activity detected on your bank account.
- Prizes and sweepstakes scams. The attacker notifies you about the prize you just won. However, you can redeem the gift only after paying the shipping fees. However, to cover these expenses, the visher asks you to provide credit card information.
- Taxes scam. You supposedly have unpaid taxes and owe money to the Internal Revenue Service (IRS). If you don’t pay it up immediately, authorities will issue a warrant for your arrest.
- Medicare scam. Your Medicare card has expired, and you’re due to get a new one. To replace it, the representative needs to confirm your identity by receiving your Social Security number.
- Relationship fraud. Here, the visher pretends to be a close family member who needs immediate help. The member, often a grandson or a granddaughter, allegedly suffered from some accident. They are in a hospital or jail, and a certain amount is needed to ensure their safety.
How to protect yourself from vishing?
- Never give out personal information over the phone. Reputable companies and banks won’t require sensitive information, like credit card numbers or Social Security ID, over the phone.
- Think twice, and don’t be impulsive. Although it’s easy to give in under pressure, a frantic sense of urgency is a huge red flag.
- Use a VPN. Vishers are smart enough to track your whereabouts to localize spoofed phone numbers. Luckily, VPN conceals your IP address along with the geographical location associated with it. Hence, you become completely untraceable.
- Educate yourself and your loved ones about vishing attacks and its tricky tactics.
- Limit the information you share on social media and other public channels. The more information you post, the easier it is for crooks to craft convincing phishing scams.