How do you know that the number calling you is legitimate? You can’t. Vishers can spoof even your mom’s phone number and convince you that she’s in trouble – and that you can save her by wiring a lump sum to them. Vishing attacks are particularly difficult to recognize. But what is vishing? Find out how to spot it below.
Vishing is a portmanteau of the words “voice” and “phishing.” It’s a social engineering attack similar to phishing that uses deception and plays on your strongest emotions, such as fear, greed, or a sense of urgency, to get personal information out of you.
Scammers use vishing to get information such as bank account numbers, phone numbers, email addresses, or anything that could be used in future attacks or to steal your identity. However, while phishing uses different platforms such as emails or spoofed URLs, vishing scams only use phone calls and Voice over IP (VoIP) technology such as Skype and similar platforms. Vishing attacks can also be accompanied by smishing, which includes deceptive SMS/text messages.
In vishing attacks, scammers pretend to be calling from legitimate companies, banks, or government institutions, or they may pretend to be someone you know. There may be a real human being at the other end of the line, or you might simply receive a voicemail from a spoofed number asking you to call back. Once you do, you’ll hear a robot asking you to enter your details to take you through to an assistant. However, in reality, you’ll be sending your details straight to a hacker.
Vishing is becoming even more sophisticated with the rise of AI and deepfake technology, which can now imitate the voice of someone you know, like your boss or a family member who’s asking for help. These calls are especially difficult to recognize.
There are different types of pretexts vishers might use. These are the most common ones you should be aware of:
These vishers will pretend to be calling from a legitimate company – one you’re already a client of or a company that offers deals you can’t resist. For example:
The trick here is that the scammers will always ask for your details or money in exchange for whatever they’re offering. Be prepared to hear phrases such as ‘you’ll only be able to claim your offer if you pay the handling fees.’
In this type of vishing attack, scammers will pretend to be from a government agency like the Internal Revenue Service (IRS) or Social Security Administration (SSA). They will play on your fear and sense of urgency, telling you that you owe them tax money and that you need to pay them back immediately. Otherwise, you’ll be fined – or worse.
They might have other pretexts and ask you to confirm your social security number to continue receiving the medical care or social benefits you are currently entitled to. Of course, all these stories are there to trick you into paying money or sharing your social security number.
In this type of fraud, scammers will tell you that they were notified that your device needs to be updated or that they have found vulnerabilities that need to be fixed immediately. To fix these issues, they will require remote access. However, if you agree, the scammers will have full control of your device and will be able to steal your data or install malware. Less-clever scammers might pretend to be running diagnostic tests and will ask for your sensitive details to “complete them.” They might also ask you to pay once they have “repaired” a device that wasn’t broken in the first place.
Vishers might also try to turn this attack the other way round and make you call them. They can do so by creating malicious ads and pop-ups that look similar to your antivirus messages. These pop-ups will notify you of a system breach and tell you to call a specific number to fix it. When you call, they will try to lure more information out of you and make you pay for their ‘service.’
In this attack, the fraudster’s main aim is to get your financial information out of you. They might pretend to be calling from your bank to tell you that you have fraudulent charges or suspicious activity on your account. They will try to convince you that you need to act now to cancel them – by telling them your login info.
Relationship scams often target the elderly. A typical scenario is a call from your grandson or granddaughter who is in trouble and needs your help. They might try to convince you that they were in an accident and that they are in a hospital, in jail, stuck abroad, etc. The only way for them to get home is if you transfer them a certain amount of money. To make the story more convincing, they can also provide you with a phone number for their doctor or lawyer, who “will provide you with more details.”