There’s a new scheme in town: “vishing,” or voice phishing. A form of fraud that attempts to access private information via phone calls and voice messages, vishing reports have proliferated as robocalls continue to increase.
Vishers rely on a standard script when a real person picks up one of their calls: they often claim to need financial data to clear up an IRS matter, identifiers such as birthdates of social security numbers to unfreeze bank accounts, or address confirmations to restart utility service.
But vishers take things one step further—they’re particularly adept at social engineering, the use of deception to manipulate individuals into divulging confidential information for fraudulent purposes. Sometimes all they’re looking for is a quick recording of your voice saying “Yes” or “I agree” that they can then use to breach important accounts.
That explains the more complicated stories currently dominating the vishing headlines: the fraudulent caller who uses a real person’s LinkedIn history to pose as a CEO extending a job offer. The so-called account rep that gains your confidence by reciting basic information easily gleaned from social media. The apparent government employee calling to clear up charges related to a past infraction.
Schemes like this are even harder to combat when scammers have so many tools at their disposal. They can route their calls through a multitude of carriers and networks, making it difficult to determine exactly where they originate. Some have even perfected “neighborhood spoofing,” in which robocalls are placed using local numbers to try and entice recipients to pick up. Similarly, scammers can spoof an existing number, tricking consumers into thinking a trusted business is calling them.
The bottom line? All it takes is one piece of personally identifiable information and the visher can run wild, accessing financial accounts, hacking into email, compromising health care records, or even applying for credit cards in your name.
So what can you do to protect your information and prevent a bad case of vishing? CMIT Solutions has gathered the following tips and tricks:
1. Beware of phone calls from unfamiliar numbers.
The best way to avoid vishers is to not answer a call from an unfamiliar number in the first place — especially if they call comes in to your cell phone, which lack the same protections as landlines. If you see an unfamiliar number, send it straight to voicemail; if the same number calls often, consider declining or even blocking it.
2. Avoid starting a conversation with the caller.
If you do find yourself on the line with a suspected visher, don’t respond if they ask you to say “I agree” or press a number to opt out — that will let the hackers know your number is operational. Nine times out of ten, the smartest move is to hang up if you realize the call is fraudulent.
3. Don’t say anything if you can.
Spammers can ask a variety of questions like “Can you hear me?” or “Would you like to opt out of calls like these?” If you respond with a “Yes” or “I agree,” that voice signature can be used at a later date to authorize fraudulent charges via telephone. In addition, don’t yell at or accuse a live caller. In many instances, this can result in more calls to your number — or the hackers spoofing your number and trying to take advantage of your trusted network of contacts.
4. Report spammers to the National Do Not Call Registry.
Once your number has been listed on the Registry for a month, you can start reporting unwanted calls to the Federal Trade Commission. Consider this just one layer of a comprehensive defense against vishers — not a method for stopping 100% of such calls.
5. Work with your IT provider to deploy further layers of protection.
Options abound in this space: apps that block calls on your cell phone and recognize known spam numbers, and services that deliver a message to robocallers alerting them that your number is out of service, and security tools that protect your passwords, your online accounts, and your identity, too. Collaborating with a trusted IT provider is key, though, as it can be daunting to change the security settings on your phone.
In today’s digital world, security problems never stop evolving. Although vishing may just put a new name on an old form of criminal fraud, it’s worth noting the uptick in attempts to compromise private information. If you need help securing your data and protecting your business, contact CMIT Solutions today. We keep our clients safe by remaining on the cutting edge of IT security—for desktops, laptops, servers, and phones alike.