There are so many different types of cyber-scams out there. Over the last few months we’ve made it our mission to keep you safe by providing you with tips on avoiding cyber threats. This week, we continue our mission with the subject of Vishing Scams.
What Are Vishing Scams?
Vishing (voice-phishing) scams or phone fraud scams are a very common form of fraud and identity theft. Vishing is low-tech, but it is one of the most successful types of scams because it targets the weakest link in the IT and cyber security chain – the human element. The scam doesn’t depend on sophisticated malware, but rather on advanced social engineering tactics. Criminals and fraudsters use vishing scams to target individuals or businesses in order to obtain personally identifiable information, fraudulent payments, or other information that can be sold or used to commit other crimes.
Vishing Scams On Individuals
When targeting individuals through a vishing scam, scammers impersonate a representative of an organization such as a bank, the police, or an insurance company. They typically use information obtained from a previous data breach, so they know just enough about you to make the phone call seem legitimate. For example, the fraudster impersonates a representative from your bank. They call and tell you they just need to verify some information because they noticed irregular transactions. They then read you a list of fake purchases and ask whether you made them. When you say “no,” they ask you to confirm your account info so they can decline the transactions. Just like that, they have access to your bank accounts. The fraudster has used your fear of identity theft to commit identity theft against you.
The best way to protect yourself from Vishing Scams is to ask the caller to provide company info, their name and title, case number, and telephone number. After you have the caller’s information, hang up and confirm the information provided. Call back only if everything checks out.
Vishing Scams On Businesses
When scammers target a business using a vishing scam, they typically assume the identity of an account holder with the purpose of gaining access to the individual’s account. The account holder information has usually been obtained through identity theft or a previous data breach. Using their social engineering skills, the scammer calls the business, provides a believable backstory, and gains access to the account. For example, they might tell the customer service representative that they were recently in a car accident, that their apartment or home was broken into, or that they experienced a birth or death in the family, and that they can’t remember their password or login info. Whatever the story, it will be emotionally charged and designed to create sympathy so that the representative doesn’t follow company policy. Next thing you know, the business representative has given temporary login information to a fraudster and criminal. In this case, the fraudster has used a sympathy play to get an employee to ignore company policy and procedures, putting the account holder and the business at risk.
For businesses, no matter what size, the human element of IT and cyber security is one of the most critical. Most scams, from BEC Scams to Phishing Scams, are successful due to human error. Making sure your employees have the proper training and are fully aware of company policy and procedures is just as important as keeping your IT systems up to date and secure.