What Is Vishing, And Why Is It A Threat – Forbes Advisor

Posted on August 25, 2022

Editorial note. We receive a commission for affiliate links in Forbes Advisor. Commissions do not influence the opinions or ratings of our editors.

We’ve all been there: Your mobile phone is ringing from an unknown number. You hesitate. The area code is local, so it could be your doctor’s office or a new business associate you expected to hear from.

So you answer, only to be greeted by someone claiming that your car’s warranty is expiring or that you’ve inherited some money. The caller says they just need to collect your bank details in order to send you the funds.

But do not divulge information, because it is likely that the caller is a scammer.

The New Reality of Vishing: Voice Phishing

With robots, telemarketers, and real cybercriminals trying to contact you, answering the phone has become quite risky. A modern phone scam called voice phishing or “vishing” uses manipulation tactics to trick victims into revealing personal information that can be used for digital theft.

According to a quarterly report by PhishLabs and Agari from HelpSystems, where I work as a Senior Threat Research Fellow, the prevalence of these schemes is at an all-time high. The study found that the number of cases of vishing has increased dramatically by 550% from the beginning of 2021 to the beginning of 2022.

How vishing starts

How does a scammer get your number? Short answer: it’s hard to understand. With all the data leaks in recent years, contact details, login credentials, and a host of other sensitive information can easily be purchased on the dark web.

Vishing scammers may try to supplement the information they already have with any new data they can trick you with, such as your social security number, usernames and passwords, debit card PIN, one-time login codes, and more.

Vishing can be part of an integrated, blended approach. The scam can start with a phishing email or SMS (“smishing”) and then direct you to a fake website that misleads you into thinking that you are dealing with your bank or other familiar company.

Every element of these scammers is designed to swindle you out of your hard-earned money. Be aware that caller IDs can be spoofed and anyone can easily get a Google Voice phone number that looks like a local one.

8 scams that can steal your money

Here are eight categories of common vishing scams and examples of how they work.

1. Technical support

They call you and tell you that your computer’s antivirus protection will be automatically renewed for $400. Whether you want to renew your subscription or cancel, the caller says they need to verify the credit card on file, your address, and maybe even your social security number.

2. Computer virus

Suddenly, an urgent warning appears on your computer screen that a virus has infected and disabled the machine. You are told to call the number to fix the problem. The scammers are trying to trick you into giving you access to your computer in order to install spyware and collect additional information. (But if you just reboot, the warning should go away.)

3. Voice mail attachment

You receive an email sent to your work account with a voicemail attached. If you click to try to eavesdrop, you may inadvertently give a scammer access to your corporate credentials.

4. Advance payment fraud

The caller from the “bank” says that you have the right to claim an inheritance. They just need you to make a small payment to cover the notary who will disburse the funds. But there is no windfall for you, just the possibility of losing all the money you have.

5. Gift cards

Your “boss” leaves a voicemail asking you to buy gift cards for your team. You are prompted to send a text image with options from the store to show what is available, then buy cards and send a text message with numbers and codes.

6. Prizes

They call you and tell you that it’s your lucky day – you’ve won a prize! You can get it after you confirm your payment details: bank account number, address, date of birth, social security number, and so on. If you provide this personal information, the scammers will win the jackpot.

7. IRS Alerts

The caller supposedly from the IRS says there was some kind of lawsuit connected to your social security number and they will send agents to your house if you don’t provide money to fix it. This vishing scam is especially popular during tax season.

8. Fraud based on area codes

Fraudsters know that people are more likely to answer calls with their area code. For example, in the San Francisco Bay Area, scammers target first-generation Chinese residents with voice messages purporting to be from local immigration officers. The scammers threaten to arrest their victims if they do not call back and provide details of their place of residence.

Caller ID Spoofing Laws and Regulations

Many of these tricks use caller ID spoofing, which allows the scammer or calling robot to display the name of a local business or government agency in the caller ID. A 2009 law called the Caller ID Act makes this practice illegal in most cases, but it is far from a remedy.

Likewise, protocols using the colorful acronyms STIR and SHAKEN were developed in hopes of stopping caller ID spoofing on public telephone networks.

How to protect yourself from vishing scams

Many criminals have moved from mail fraud to hard-to-trace telephone robberies to avoid severe federal sanctions for mail fraud. These tips will help you avoid landmines:

  • Do not answer a call from an unknown number. This can be tricky if your personal and work phone numbers are the same. But if possible, transfer the call to voicemail. Also, resist the temptation to answer if the caller calls back immediately to make you think the matter is urgent.
  • Never send money after an unexpected call. Be especially suspicious of any party demanding payment with cryptocurrencies, gift cards, Zelle, or Western Union money transfer.
  • Verify via another channel. For any incoming request for information, hang up, look up the organization’s phone number yourself (perhaps on the back of an insurance, bank, or credit card), and call back to find out if someone is trying to contact you legally.
  • Touch your intuition. The FBI and Microsoft are not going to call about a virus on your computer. If your spider senses are tingling, there’s probably a reason.
  • Implement spam blocking. Telecom service providers and consumer applications can help block or flag numbers that may generate spam calls. There is also a state-run Do Not Call registry that can help you avoid telemarketers, although scammers are unlikely to play by the rules. But registration can protect you from some phone lists used by scammers.
  • File a complaint. Contact the FCC if you are receiving calls that appear to be fraudulent, and alert the FBI Internet Crime Complaint Center if you have suffered a financial loss related to vishing.

Find the best identity theft protection services of 2022

Leave a Reply

Your email address will not be published. Required fields are marked *