AbleToTrain by Willing & Able

What is a vishing attack?

Lately, the question “what is vishing?” has become increasingly common. A vishing attack is a type of scam in which criminals contact a potential victim over the phone, pretend to be a company, and try to convince the victim to share personal information.

The word vishing comes from “voice phishing”, that is, a phishing attack using voice. This does not mean that communication is made exclusively through phone calls. It is common for this type of attack to start with an SMS, for example. For this reason, people often confuse smishing with vishing. Although the goals are the same, there are some differences in the techniques used in each.

Differences between phishing, vishing and smishing attacks

The term phishing has been in use since the 90s to describe activities that fraudsters used as bait to catch their victims on the Internet. Even today, the word is associated with scams based on social engineering, that is, scams that try to manipulate people into falling into a trap.

With the evolution of cybercrime, the terms “smishing” and “vishing” have emerged, which can be classified as types of phishing. In the case of smishing, criminals try to persuade a victim to click on a malicious link or reply to the message by providing their details. The entire process is limited to exchanging text.

In vishing attacks, there is voice contact during the fraud attempt. The initial SMS only serves as bait, either to confirm that the number really belongs to someone or simply to induce a potential victim to call a number so the criminals can follow up with the attack.

Common vishing attack examples

Criminals use different methods to obtain the phone numbers of victims, for example large data leaks, social networks and job sites. In these cases, it is even easier to gain people's trust, since the criminal will have data such as the victim’s name, title and company at hand.

Another common technique is sending text messages to random numbers. The message usually prompts the person to call the “company” and provides an opportunity to reply with something like “send STOP if you don’t want to receive this message”. When that person replies, the criminal receives confirmation that the number is in use and belongs to a potential target.

Here are some examples of voice phishing attacks:

Warning from financial institutions

The fraudster calls the victim, claims to be from a bank or other institution, and informs them that there is a problem with their account or credit card. False alarms may also arrive via SMS first, prompting you to call a number to resolve the issue.

Offers of investment and other financial solutions

Another tactic used in voice phishing scams is a link that offers the opportunity to repay debt for less than the original amount or promises high returns. These “offers” usually have a time limit, so the person is pushed to act immediately.

Social Security Number or Health Insurance Application

In some cases, scammers persuade the target to share personal information such as health insurance numbers so that they can benefit from the service themselves. Scams are also common in which criminals impersonate government officials, claiming that the victim’s Social Security number is blocked and offering to have the number verified and reactivated.

Billing by technical support

This type of attack can start with a link that opens a page informing you that a problem has been detected on your computer and that you need to call a number for technical support. Another common technique is for a criminal to call the victim directly, warn them that their device has failed, and offer to assist. At the end of the “service”, the victim is charged for fixing a problem that never existed.

How to prevent a phishing attack

The first step in protecting against a voice phishing attack is to recognize how the attack will occur. Unwanted contact should therefore be viewed with skepticism. Be especially careful with calls about special offers and, above all, with requests for personal information. If you receive a message saying that you need to contact a phone number, it’s best to first find out whether the phone number actually corresponds to a legitimate company or institution. If you are contacted directly by phone, especially if the tone of the conversation conveys a sense of urgency, it’s a good idea to hang up and check the official channel to make sure the communication was actually made by a trusted agent. Also, any kind of offer that seems too good to be true should be treated as suspicious.

If it turns out to be a scam, the first action you should take is to report and block the number. If the victim has already provided financial information, it is important to contact the bank or other agency as soon as possible to inform them of the incident and request an account number change, card block, or future fraud block.

Vishing calls, smishing, and phishing are all types of social engineering attacks designed to capture personally identifiable information that allows scammers to access your account. As fraudsters use increasingly sophisticated techniques to trick users into providing account information, it is becoming increasingly difficult to protect them from account hijacking.