Criminals are always evolving, finding new tactics to trick target victims. In 2018, the FBI’s Internet Crime Complaint reported a loss of $48 million from phishing victims. With most users now aware of phishing attacks, the combination of voice and phishing took the majority a step back.
Vishing is a phone call scam used by cybercriminals to deceive users into sharing their personal information. During a vishing attack, the scammer utilizes social engineering to deceive the user into providing vital information such as login credentials and banking details. The trick may begin with the perpetrator alerting the unsuspecting user that their account has been compromised. They will then claim to be a bank or law enforcement representative. Others might even offer to install security software – which will be malware.
Vishing is just a type of phishing, which includes the use of emails, texts, phone calls, or chat messages to communicate with the target victims. The phishing perpetrator’s goal is to obtain personally-identifying information or steal money.
Due to evolving technology, it is getting easier for scammers to contact masses across the globe. With the use of VoIP (Voice over Internet Protocol) technology, scammers can spoof caller IDs and pose as if they are from a trusted company such as a bank or law enforcement agency.
There is no difference between phishing and vishing in general. Vishing is phishing over a phone call. There are also various themes of vishing used by scammers to trick users. These themes include:
1. Your bank account has been compromised
This approach uses a person or a prerecorded message to inform you about an issue on your account. At times, it will state that the payment you made has been compromised and you must make a new one to fix the error. You may also be asked to provide your login credentials so the issue can be fixed remotely. However, you must never give your credentials or any information concerning your banking details to anyone over the phone. You should hang up the call and contact your banking company using their publicly listed number.
2. Voluntary loan offers
Using this method, scammers will try to swindle money from you by offering a lucrative investment deal or offer a loan that requires you to first pay for their services or provide personal banking details. Although the fee may be small compared to what you will be offered, note that no loan service requires upfront fees. You mustn’t fall for such tricks and should always go to the bank to acquire personal or business loans. Also, investment opportunities do not initiate contact.
3. Medicare scam techniques
The elderly group of the community is the number one target of phone call scammers. The perpetrators present themselves as Medicare agents amid the Medicare enrollment period. They will collect financial details from the target victim which include their Medicare number as well as banking details. The perpetrator will then use the information to conduct fraudulent activities or swindle the victim’s money. If not cooperating, the user can be threatened that their Social Security Number will be suspended.
4. Tax return scam
This scam comes in different forms but involves a prerecorded note. The message informs you about an issue concerning your tax return and you must call back asap, otherwise, you could be arrested. The caller ID is spoofed to appear as if it’s from the IRS. To combat this type of scam, it helps to understand what the IRS does, when they contact you, and how they resolve some issues.
Note that the IRS doesn’t do the following:
- Call to demand immediate payment using a specific payment method such as a prepaid debit card, gift card, or wire transfer. Generally, the IRS will first mail a bill to any taxpayer who owes taxes.
- Demand that you pay taxes without the opportunity to question or appeal the amount they say you owe. You should also be advised of your rights as a taxpayer.
- Threaten to bring in local police, immigration officers or other law-enforcement to have you arrested for not paying. The IRS also cannot revoke your driver’s license, business licenses, or immigration status. Threats like these are common tactics scam artists use to trick victims into buying into their schemes.
How to Protect Yourself from Vishing?
The best way to defend yourself against vishing is to know what to spot from calls. Signs of vishing are always there, you just need to know them, and you will be safe. Regardless of the method being used, goals are similar and perpetrators will always push to achieve them. Here are some of the pointers to take note of when identifying a vishing scam:
- The caller on the other end claims to be a representative of the IRS, Medicare, or law enforcement agent. Federal agencies never call people unless you request them to do so. Also, they will never use social media channels, emails, or text messaging forums to initiate contact. So, if anyone calls you and identifies themselves as a representative of such agencies, be skeptical and drop the call. Use the publicly listed number to verify that call.
- There is always a sense of urgency. One of the biggest giveaways about the scams is that they try to frighten or threaten you so you can act frantic. When you receive such calls, remain calm and composed, don’t feel pressured or threatened to act immediately, and give in to their demands. Tell them you will go to their offices to fix the issue. Don’t give out any piece of information, hang up, and do more investigation. If possible, report it to the company’s fraud department.
- Scammers always ask for your personal information. The caller asks for personal details as a confirmation process. The information collected includes SSN, date of birth, physical address, full name, banking details, etc. This information can then be used to conduct fraudulent activities or steal your money.
How to Defend Against Vishing?
Apart from obtaining the knowledge of how vishing works, you can also apply the following tips to defend yourself against such attacks:
- Add your phone number to the National Do Not Registry. This will alert telemarketers not to call you for promotional reasons. Even if some companies will continue calling, it will reduce promotional calls hence leaving scammers out in the cold.
- Don’t answer unknown calls. Let the phone call go to voicemail, and then listen to it and decide to call the person back after you have done a thorough investigation.
- If it doesn’t feel right, hang up the call. To continue with the polite conversation, hang up and block the number.
- Ignore prompts and avoid pressing any buttons. Do not follow automated messages that give instructions to press numbers as responses to the questions asked.
- Request for the caller’s ID and verify it. If provided with a number to call back, check it against the publicly listed company numbers. Then, call the company in question and ask about the representative who called you.
It is a must to learn how to protect yourself against vishing. Attackers are skilled and will do anything to deceive you into thinking they are legit. However, keep in mind the tips we provided above and you must never give away your details over the phone. Since vishing is just a part of a wide phishing spectrum, it is important to also protect your system against online attacks using reliable anti-malware security software.