Did you know that in 2018 alone Vishing campaigns worth $48 million were conducted by scammers in the US?

Talk To A Security Expert

We Will Help You To Choose The Best Plan!

Message Submitted!


What Is A Vishing Attack?

The word vishing comes from a combination of the words “voice” and “phishing”. When cybercriminals make use of telephonic calls to trick users and subsequently scam them, the entire process is called Vishing. While receiving a call, it is very difficult to detect whether the call is from an authentic source or not. Cyber attackers take advantage of this and ring up targets trying to lure them into disclosing their personal and sensitive details.

Cyber attackers ring up hundreds of people on a single day and they use social engineering to impersonate an authentic source. Voice over internet protocol technology (VoIP) can be used by them to hide their actual voice and they may even spoof the caller ID so that it may appear to the victim that the call is coming from a familiar and authentic source such as their bank.

Types Of Vishing Attacks

“Unusual Activity In Bank Account”
This may come as a pre-recorded message or a fresh call where the scammer informs the victim that there has been certain unusual activity in his/her bank account. The victim is then asked to disclose his banking credentials and PIN so as to resolve the issue. Usually, people who are not alert enough give up the information which can be easily used by the scammers to withdraw money from their account.
“Incredible Investment Offers”
Offers that are too good to be true are usually from fraudulent sources. Cybercriminals sometimes may call up victims and make them very unrealistic offers such as the opportunity to earn double the amount by making a very minimal investment. People are generally lured towards such offers and transfer money which is never paid back.
“Medical Care Offers”
More often than not scammers may pose as medical representatives and reach out to elderly citizens over telephonic calls asking them to invest in medical care facilities. They would try to get the victims to reveal their banking credentials or medical information through this scam.
“IRS Tax Scam”
Hackers may place a call on the victim’s phone in an attempt to threaten or scare the victim with the news of a tax fraud conducted by him. Victims would be informed that there was some problem with the concerned person’s income tax return and if not paid an arrest warrant will be issued against him.

How To Identify A Vishing Attack?

The caller impersonates government officials or legal bodies

An out of the blue call from income tax officials, social security administration or medical representatives can be the call from a scammer. Usually, such officials do not contact out of the blue and inform you about situations. Moreover, medical or banking information is never asked over phone calls.

The tone of the call

Users should pay very close attention to the tone of the phone call. Usually, phone calls from scammers are to instigate a sense of panic among the victims so as to weaken their sense of judgement. Beware of phone calls with a tone of urgency or which sounds threatening. It is also advisable to not fall for ridiculous offers and investment policies that may seem too good to be true.

Asking for personal information

One must always remember that personal information or banking credentials should never be disclosed on digital platforms over email, SMS, or call. Information such as medical history, birth date, address, social security number, bank account number and PIN, corporate ID etc. should remain confidential at all times. Scammers tend to hanker for such information.

How To Prevent Being Vished

  • Sometimes the hackers provide a number to call back on. The number can be checked against the official helpline number of the concerned organization by going on their official website to see if it matches. The source of the number can also be checked using simple mobile applications like truecaller.
  • Don’t be reluctant to hang up a call if you suspect that the caller is trying to conduct a vishing attack.
  • It is always advisable to not pick up every single unknown number and let such numbers go to voicemail instead. If the message is relevant only then calling back might be a feasible option.
  • Blocking the number to ensure that you do not receive any further calls from it is also a viable option to prevent future attacks.

How To Respond After A Vishing

On giving up bank account credentials on a phone call it is imperative to check up with the institution and ask them for follow-ups of advice regarding how to deal with the situation. Calling up your bank, credit card company, or income tax office will allow experts to assist you with blocking any transactions of fraudulent nature.

Also, responding quickly to such incidents will allow you to have adequate time to close your bank account and block your card so that scammers cannot withdraw any money using your credentials.

Contact cybersecurity officials to assist you with tracking the number from which the fraudulent call was made.


Why Avail A Social Engineering Attack
Awareness Training Program?

Employees in an organization are usually ill-informed about cyber attacks and security-related problems. They are unaware of the latest trends and techniques used by cybercriminals, and hence they easily fall prey to impending threats. Without spreading awareness among employees adequately, it is impossible for an organization to protect their assets and finances from hackers. Consulting with security analysts and experts so as to avail a well-rounded social engineering attack awareness training program can help educate employees regarding social engineering attacks and their preventive measures. The program includes 3 comprehensive steps for complete cybersecurity awareness and training:

Card image cap
Simulation 1.0

To perpetrate the first round of dummy phishing attack on employees

Card image cap
Knowledge imparting session

Imparting details knowledge on phishing attack and prevention via video advisories, presentations, and lectures.

Card image cap
Evaluation and Assessment

Regular cumulative assessments are conducted to ensure that the employees are making improvements while handling phishing attacks.

Gain Deeper Insights into Phishing Attacks

Related News Stories On Cyber Attacks