When you receive a call from an unknown number, you don’t know who will be on the other end of the line. It is possible that it is a vishing attempt which is a type of phishing. A phone scam called vishing, which is short for “voice phishing”, is used by hackers to manipulate their victims into giving them confidential information over the phone.
Because more and more people are working from home, hackers have been able to take advantage of the lack of in-person involvement to commit vishing scams. CISA and the FBI released a joint report in August 2020 about increased vishing frauds targeting organizations. Scammers perpetrate vishing schemes through phone calls, voicemails, and even emails. Malicious actors often use VoIP since it allows them to make phone calls through the internet rather than a regular phone line. Additionally, VoIP makes it easy to spoof the caller IDs, which gives the appearance of legitimacy to the call. We share 4 tips based on common vishing attack examples to illustrate how to prevent and avoid falling victim to these dangerous voice phishing scams.
How to Prevent Vishing & Protect Yourself
You can protect yourself and your organization in multiple ways from falling victim to a vishing attack. Here are four simple tips to prevent vishing.
Tip #1 – Verify Unknown Phone Numbers
If you receive a call from an unknown number, use a mobile application such as True Caller to make sure it is a legitimate call and not a vishing scam. Most of the time, the app will tell you whether the number is a known scammer or not. In case you are not sure about the caller’s identity, don’t answer, but call the party back directly. The call might appear to originate from your office or a bank, so decline the call and call, text, or email the supposed caller yourself to verify if they are the ones reaching out to you.
Tip #2 – Don’t Divulge Your Passwords or Login Information
Hackers use vishing techniques to scam victims by asking for personal information like debit card / bank account details, login credentials, passwords, or social security number. It is common for them to use tricks such as tugging on human emotions (“I’m in real trouble and you’re the only person I could think to call”) or offering seasonal deals (“If you haven’t found that perfect Christmas gift yet, have I got a deal for you!”) to obtain information from their victims. These tricks often include using fake IDs and pretending to be someone they are not. It is important to note that banks and other financial institutions would never ask you for debit / credit card numbers, user names, and passwords over the phone. Hence, don’t give out sensitive data such as your PIN, password, CVV, or OTP to anyone. Remain vigilant and be on the lookout for potential vishing or other phishing attacks when you receive phone calls and text messages that request personal information.
Tip #3 – Register for the National Do Not Call Registry
You can register your phone number in the National Do Not Call Registry system. This service is free of charge and essentially informs marketers that you do not wish to receive their unsolicited phone calls. Some companies, like political groups or charities, may still contact you, and the system does not prevent people from calling you illegally. Of course, scammers don’t abide by the National Do Not Call Registry, but if you are registered, the chances are heightened that an unknown caller is more likely to not be a legitimate business.
Tip #4 – Never Share Drivers License or Passport Information
The majority of vishing scammers construct their hacks in order to steal money. Some, however, steal identities as well. Identity theft is becoming more serious in the United States these days.
People seeking employment are particularly targeted by such common vishing scams. The perpetrators identify potential targets through social media posts that a person is looking for a job. The visher commonly sends the victim a fancy package with a job offer. The scammer creates the fake job offer by using a company’s name, website, and other related information. Attached to the offer is a form that requests sensitive information about the applicant. This includes their name, drivers license information, and passport number.
If you encounter an attractive but unexpected job offer, approach the company’s HR department directly and ask if they are the ones who sent the job offer. Verify the sender’s email address or phone number before giving away your personal details. The hackers manipulate the scam to prompt the victim to respond immediately with their personal information. An implied or stated sense of urgency is a good sign that the offer is a ripoff. Hence, you should always be cautious. Fostering a healthy level of suspicion can surely help stop vishing attacks just like any other any type of social engineering attack.
Final Thoughts on Stopping Vishing Attacks
With this understanding of what vishing is and the threats it entails, be on the lookout whenever you get a phone call, and never give your personal or financial information to anyone via the phone or email. Despite the caller’s assurances how serious or urgent it is, you must authenticate them before taking action in order to protect yourself from these dangerous hackers. If you are a business owner, consider providing security awareness training to your employees on how to detect and stop these malicious attacks.
Vishing attempts may direct the user to respond to an email, where an extensive hack lays wait. Trustifi’s Inbound Shield email security solution is designed to detect dangerous emails and discard them right away. No system can reliably stop vishing phone calls, but Inbound Shield can protect your inbox from the nefarious emails that often accompany a vishing attack. Contact a Trustifi representative today to learn how easily and affordably you can add an extra layer of security to your existing email service.
