Subscribe to our weekly newsletter Cyber Times and join our 10000+ strong Cyber Resilient Community
ALL YOU NEED TO KNOW ABOUT VISHING ATTACKS
Did you know that in 2018 alone Vishing campaigns worth
$48 million were conducted by scammers in the US?
Talk To A Security Expert
We Will Help You To Choose The Best Plan!
What Is A Vishing Attack?
The word vishing comes from a combination of the words
“voice” and “phishing”. When cybercriminals make use of telephonic calls to
trick users and subsequently scam them, the entire process is called Vishing.
While receiving a call, it is very difficult to detect whether the call is
from an authentic source or not. Cyber attackers take advantage of this and
ring up targets trying to lure them into disclosing their personal and sensitive details.
Cyber attackers ring up hundreds of people on a single day and they use
social engineering to impersonate an authentic source. Voice over internet protocol technology
(VoIP) can be used by them to hide their actual voice and they may even spoof the caller ID so
that it may appear to the victim that the call is coming from a familiar and authentic source
such as their bank.
Types Of Vishing Attacks
“Unusual Activity In Bank Account”
This may come as a pre-recorded message
or a fresh call where the scammer informs the victim that there
has been certain unusual activity in his/her bank account.
The victim is then asked to disclose his banking credentials
and PIN so as to resolve the issue. Usually, people who are not
alert enough give up the information which can be easily used by
the scammers to withdraw money from their account.
“Incredible Investment Offers”
Offers that are too good to be
true are usually from fraudulent sources. Cybercriminals
sometimes may call up victims and make them very unrealistic
offers such as the opportunity to earn double the amount by
making a very minimal investment. People are generally lured
towards such offers and transfer money which is never paid back.
“Medical Care Offers”
More often than not scammers may pose as
medical representatives and reach out to elderly citizens over
telephonic calls asking them to invest in medical care facilities.
They would try to get the victims to reveal their banking credentials
or medical information through this scam.
“IRS Tax Scam”
Hackers may place a call on the victim’s phone in an attempt
to threaten or scare the victim with the news of a tax fraud conducted by him.
Victims would be informed that there was some problem with the concerned person’s
income tax return and if not paid an arrest warrant will be issued against him.
How To Identify A Vishing Attack?
The caller impersonates government officials or legal bodies
An out of the blue call from income tax officials, social security
administration or medical representatives can be the call from a scammer.
Usually, such officials do not contact out of the blue and inform you about
situations. Moreover, medical or banking information is never asked over phone calls.
The tone of the call
Users should pay very close attention to the tone of the phone call.
Usually, phone calls from scammers are to instigate a sense of panic among
the victims so as to weaken their sense of judgement. Beware of phone calls
with a tone of urgency or which sounds threatening. It is also advisable to not
fall for ridiculous offers and investment policies that may seem too good to be true.
Asking for personal information
One must always remember that personal information or banking credentials should never be
disclosed on digital platforms over email, SMS, or call. Information such as medical history,
birth date, address, social security number, bank account number and PIN, corporate ID etc.
should remain confidential at all times. Scammers tend to hanker for such information.
How To Prevent Being Vished
Sometimes the hackers provide a number to call back on. The number can be checked against the official helpline number of the
concerned organization by going on their official website to see if it matches. The source of the number can also be checked using
simple mobile applications like truecaller.
Don’t be reluctant to hang up a call if you suspect that the caller is trying to conduct a vishing attack.
It is always advisable to not pick up every single unknown number and let such numbers go to voicemail instead. If the message is
relevant only then calling back might be a feasible option.
Blocking the number to ensure that you do not receive any further calls from it is also a viable option to prevent future attacks.
How To Respond After A Vishing Incident
On giving up bank account credentials on a phone call it
is imperative to check up with the institution and ask them
for follow-ups of advice regarding how to deal with the situation.
Calling up your bank, credit card company, or income tax office will
allow experts to assist you with blocking any transactions of fraudulent nature.
Also, responding quickly to such incidents will allow you to have adequate time to
close your bank account and block your card so that scammers cannot withdraw any money
using your credentials.
Contact cybersecurity officials to assist you with tracking the number from which the fraudulent call was made.
Why Avail A Social Engineering Attack Awareness Training Program?
Employees in an organization are usually ill-informed about cyber attacks
and security-related problems. They are unaware of the latest trends and
techniques used by cybercriminals, and hence they easily fall prey to impending
threats. Without spreading awareness among employees adequately, it is impossible
for an organization to protect their assets and finances from hackers. Consulting
with security analysts and experts so as to avail a well-rounded social engineering
attack awareness training program can help educate employees regarding social engineering
attacks and their preventive measures. The program includes 3 comprehensive steps for complete
cybersecurity awareness and training:
To perpetrate the first round of dummy phishing attack on employees
Knowledge imparting session
Imparting details knowledge on phishing attack and prevention via video advisories, presentations, and lectures.
Evaluation and Assessment
Regular cumulative assessments are conducted to ensure that the employees are making improvements while handling phishing attacks.