Hang Up on Vishing Attempts

June 2, 2023


As our lives become increasingly digital, we’re exposed to more and more cybersecurity threats. Two common methods cybercriminals use to gain access to victims’ personal information are vishing and spoofing.

The term “vishing” comes from a combination of “voice” and “phishing,” which is a similar type of attack that uses email to trick people. Vishing is a social engineering attack involving voice calls or Voice over Internet Protocol (VolP) to trick people into giving out their personal information.

Vishing attacks are on the rise and still going strong. According to cybersecurity company, Trellix, vishing attacks increased by 142% from Q3 to Q4 in 2022. These imposters convince victims to give out sensitive information such as credit card numbers, social security numbers and passwords.

Vishing typically involves a cybercriminal pretending to be someone else, like a financial institution representative or a government official. In addition, scammers often disguise phone numbers with spoofed caller IDs to disguise the caller’s real origin and falsely show up as from the victim’s area code. This is how spoofing, which often goes hand in hand with vishing, works.

Cybercriminals use legitimate-looking phone numbers or email addresses in spoofing attacks to gain a victim’s trust and will then ask for sensitive information or direct the victim to a fraudulent website.

Beware of Urgent Text Messages

Vishing attempts can start with a text message. In one recent case, a woman received a text from a number with an area code she recognized and seemed to be from her financial institution. The message asked her to verify a recent purchase she made at a large retailer.

After responding that she hadn’t made the purchase, the woman received a call. When the caller eventually asked the woman to share sensitive information, including her password, she realized the call was a potential scam. The woman then called the institution directly and confirmed this was, in fact, a social engineering scam.

Protect Yourself and Accountholders

To help yourself and accountholders steer clear of vishing attempts, keep these tips in mind:

  • Be skeptical of unsolicited calls or emails. Don’t respond if someone calls or texts you out of the blue and asks for personal information.
  • Verify the identity of the caller by directly contacting the organization using official contact information.
  • Avoid giving out sensitive information over the phone or via email. Legitimate organizations don’t typically ask for sensitive information this way.
  • Install and regularly update security software on your devices. Enable two-factor authentication, which can provide extra protection against vishing and spoofing attacks.
  • If you or an accountholder becomes a victim of a vishing scam or attempt, you can report it to the Federal Trade Commission.

Courtesy of SHAZAM.NET

For more cybersecurity education and tips, follow SHAZAM on LinkedIn and Facebook.

Join Us

Become a Member - Click to Join - We're here for you.

Have a Money Question?

Ask the Money Man - click here