Watch out for the new cybercrime in town!
Have you been getting any phone calls or voice messages lately that appear to come from a trusted source but are actually a disguised attempt to extract your identity, bank details, and more? Well, BEWARE, because you could be the next victim of a vishing scam.
The Canadian Anti-Fraud Centre says that there is an uptick in vishing scams despite the COVID-19 pandemic. For example, in 2020, the Centre received around 23,655 reports related to phone solicitations in the first seven months of the year. These numbers are double those of the previous year.
But what exactly are vishing scams? And how can we identify one?
What is Vishing?
Vishing is another clever scam tactic to add to the list of security threats. It is more a social engineering scheme than a vulnerability: “vishing” is a targeted and destructive form of phishing that uses voice to lure victims into revealing their sensitive information.
Instead of being directed to a website, victims receive an email message that asks them to make a phone call. This call triggers a voice response system that demands that users reveal their credit card numbers and other financial information. These calls usually come from 800 numbers and use caller ID spoofing or VoIP technology to imitate trusted individuals or organizations. Once the scammer successfully gets you on the phone, they can extract your financial details and other sensitive credentials by using social engineering techniques.
These attacks can target anyone, but they are mostly directed towards the elderly, less tech-savvy individuals, and employees who regularly interact with people outside their organization.
Vishing Vs. Phishing: The hacker game has changed
People have become quite good at identifying scam emails. Popular email systems have also helped spot these malicious items. However, email phishing is no longer the only game in town. Hackers now exploit online file-sharing systems, social media networks, messaging platforms, and phone systems. Unlike email, these channels are highly tailored and personalized to focus on sharing.
So, in a nutshell, the medium hackers use in phishing, vishing, and smishing may differ. But the core purpose is the same: committing fraud, extracting private information, and taking over bank accounts.
Here’s how you can differentiate between these attacks:
- Vishing – the voice version of phishing; uses phone call scams to compel users to share sensitive information verbally.
- Smishing – uses text messages to trick users into clicking malicious links or visiting fraudulent, redirected websites.
- Phishing – email scams that lure victims into clicking links containing malware or visiting fake websites.
Vishing Exploits Trust: Examples of vishing
Here are five examples to help you identify vishing attacks:
1. Tech Support Attacks
In this type of scam, hackers impersonate tech personnel from renowned companies like Microsoft, Apple, and Google, reporting suspicious activity on your online account. They also ask for your email address to send software updates, which actually turn out to be malware.
2. IRS Tax Scam
In another popular type of scam, scammers impersonate the Internal Revenue Service (IRS) or the local utility company, usually threatening users about issues with their tax return that could result in severe penalties and, in some cases, jail.
3. Bank Impersonation Scam
Scammers also pretend to be from credit card companies, banks, and other financial institutions to gain access to your accounts. These scammers often exploit fear by telling you that suspicious activity has been reported on your financial account and that, if you do not act promptly, you’re at risk of losing money. They will ask you to share your credentials and other details in order to “fix” the problem.
4. Social Security or Medicare Scam
Senior citizens are frequent targets of phishing attacks because they are naïve and are unfamiliar with modern scams. Hackers impersonate Social Security or Medicare representatives to obtain their account details so they can get a new Social Security number for themselves.
Another reason is that many elders prefer to use telephones over text or email messages, falling victim to vishing scams more often than any other form of phishing.
If you have relatives or friends you think are vulnerable to these scams, make sure to inform them that the Social Security Administration, IRS, or Medicare will never threaten them or call them personally to ask for account details. If they receive such calls, they should hang up immediately and refrain from engaging with the caller.
5. Delivery Scams
Online shopping has become so common that we sometimes forget what we have or haven’t ordered, and scammers are well aware of this. For example, individuals with nefarious aims impersonate a delivery guy from Amazon, telling shoppers about shipping discrepancies and asking them to call a certain number.
Upon calling, they could reach a real number where the scammer tries to lure them into revealing their personal details and credit card information.
Vishing scams prevention
Here are some preventive measures you can take to avoid falling victim to vishing attacks:
Avoid talking to Strangers (or Robots)
- Refrain from answering calls from numbers you can’t identify. If you’re not sure, let the call go to voicemail and then listen to the message. Note that caller IDs and phone numbers can be spoofed, making it look like they are from trusted sources.
- If you receive a call that you think is suspicious, block the number immediately.
- Never call back unknown numbers. If you’ve missed a call from an unknown number, look it up on authorized websites before calling it back.
- Be extra careful when responding to voice messages that ask you to press buttons or click certain links.
Take note of Social Engineering red flags
Scammers often use scare and pressure tactics like deadlines, intimidation, and a sense of urgency to get their way. In order to keep the upper hand, try to remain calm and composed so you don’t reveal anything that you aren’t supposed to.
Scammers usually threaten victims with arrest, severe penalties, and account suspension, or demand immediate payment. They can sometimes pretend to be courteous, polite, and confident to trick their way into your bank account. If you believe you are divulging too much information to an unknown person over the phone, hang up immediately, and stay cautious no matter how polite they may sound.
When responding to a potential vishing email, examine the following for errors:
- Email address of a sender
- Language, grammar, and tone used within the email
- CTA functionalities
Refrain from sharing sensitive information over the phone
It’s a very basic technique against vishing attacks: if you don’t share anything, you will be safe from it! Trust your gut and hang up immediately if you receive any suspicious calls asking for PINs, account numbers, logins, or other sensitive information. Better safe than sorry.
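The red flags described in the two sections above (pressure tactics, threats, and requests for PINs, account numbers or logins) can be turned into a simple triage check over voicemail transcripts. This is an added example, not code from the original article; the phrase lists, function names and sample transcripts are constructed assumptions and not a vetted detection ruleset.

```python
import re

# Red-flag categories come from the article; the phrase lists are
# illustrative assumptions, not a vetted detection ruleset.
RED_FLAGS = {
    "impersonation": r"internal revenue service|irs|medicare|microsoft|amazon|your bank",
    "threat": r"arrest(?:ed)?|warrant|jail|penalt(?:y|ies)|suspen(?:d|ded|sion)",
    "urgency": r"immediately|right away|urgent(?:ly)?|final notice|act now",
    "credential_request": r"pin|password|login|account number|social security number",
    "payment_demand": r"gift cards?|wire transfer|pay(?:ment)? (?:now|today)",
    "callback_or_keypress": r"call (?:us )?back|call this number|press (?:one|two|\d)",
}
PATTERNS = {name: re.compile(rf"\b(?:{alt})\b", re.IGNORECASE)
            for name, alt in RED_FLAGS.items()}

def find_red_flags(transcript):
    """Return {category: sorted matched phrases} for categories that fire."""
    hits = {}
    for name, pattern in PATTERNS.items():
        found = {m.group(0).lower() for m in pattern.finditer(transcript)}
        if found:
            hits[name] = sorted(found)
    return hits

def triage(transcript):
    """Map red flags to the action the article recommends."""
    hits = find_red_flags(transcript)
    asks = hits.keys() & {"credential_request", "payment_demand"}
    pressure = hits.keys() & {"threat", "urgency"}
    if asks and pressure:
        verdict = "hang up"               # pressure plus a request for secrets or money
    elif len(hits) >= 2:
        verdict = "verify independently"  # look the number up before calling back
    elif hits:
        verdict = "be cautious"
    else:
        # Absence of flags proves nothing: a polite, confident caller can still be a scammer.
        verdict = "no red flags"
    return verdict, sorted(hits)

# Constructed sample transcripts (not real messages).
IRS_CALL = ("This is the Internal Revenue Service. A warrant has been issued for "
            "your arrest. Call us back immediately and have your social security "
            "number ready.")
DELIVERY_CALL = ("Hello, this is Amazon delivery. There is a discrepancy with your "
                 "shipment. Please call this number to confirm your address.")
DENTIST_CALL = "Hi, it's Dana from the dental office confirming your appointment on Tuesday."

if __name__ == "__main__":
    for text in (IRS_CALL, DELIVERY_CALL, DENTIST_CALL):
        print(triage(text))
```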
Ask for identity proof
If you have any suspicion about your caller’s identity, don’t hesitate to ask for proof of identity. If they’re really from a legitimate organization, they will send you proof right away.
You’re a Victim of a Vishing Attack: Here’s what you can do!
If you think you have revealed your sensitive information to an unknown person over the phone, here’s what you should do next:
- Take a deep breath, and relax.
- File a complaint with the Canadian Anti-Fraud Centre through its website at antifraudcentre.ca or by telephone at 1-888-495-8501.
- Immediately change your passwords.
Vishing attacks have become even more prevalent during the pandemic, as cyber threat actors thrived on the many opportunities that followed the shift to remote work. These circumstances highlight the need for robust security protocols to be incorporated on a personal and business scale. If you have anything to add about vishing attacks or wish to share your experience, please leave a comment in the comment section below.