Phishing is an email scam in which the scammer masquerades as a trusted source to trick recipients into revealing sensitive information or downloading malware. Vishing, or “voice phishing”, is a similar scam with many variations, which can trick larger targets with potentially disastrous consequences.
In 2020, phishing, vishing and other scams cost more than 241,000 victims more than $24 million, based only on cases reported to the FBI; many other cases of fraud have not been reported to authorities. According to international cyber security company ESET, users can take measures to avoid falling prey to voice phishing.
How do lucrative scams work?
Scammers use social engineering to manipulate their victims. They present themselves as an entity you trust – for example, your bank, a tech company you work with, a government agency, a technical support staff member – and give you the impression that this is an urgent or worrying event. The urgency or fear they create overrides any caution or suspicion on the victim's part.
These techniques are also used in phishing emails and fake text messages (known as SMS phishing). But they can be more effective when used “live” on the phone.
Vishers – i.e. fraudsters who use voice phishing techniques – have a number of additional tools and strategies to make their scams more successful, such as:
– Caller ID forgery tools, which can be used to disguise the scammer’s real location and even change phone numbers to make the call appear to come from a trusted organization.
– Scams that combine various tactics, which may start with a fake SMS (smishing), a phishing email or a voicemail that encourages the user to dial a number. If the victim calls, he or she will speak directly to a scammer.
– Research on social media, where scammers can uncover a wealth of information about their victims. Scammers can use this information to target specific individuals (such as employees of companies with access to privileged accounts) and make their communications appear more legitimate – that is, a scammer may disclose certain personal information to the victim in order to extract more information.
Such attacks are more common, thanks largely to remote working during the pandemic, as the FBI warned. An attack on Twitter, in which employees were tricked into revealing their logins, suggests that technology companies may also be victims of attacks.
Scammers also use vishing to attack consumers. Their ultimate goal is to make money, either by stealing bank account or card details directly, or by tricking you into giving up personal information and credentials which they can use to access these accounts.
Technical Support Scams: In tech support scams, victims are often approached by someone pretending to be calling from a telecommunications provider or a known software or hardware vendor. Scammers will claim they found a problem with your computer and then ask for a fee (and your card details) to fix it. Sometimes, this process involves downloading malware without the knowledge of the victim.
Sending messages to a large number of telephone numbers (wardialing): This is the practice of sending automated voice messages to a large number of victims, usually trying to scare them into calling back – for example, by claiming that the victim has an unpaid tax bill or other penalty.
Telemarketing: A phone call in which a scammer claims you have won a prize and requires a cash deposit before the victim can receive the prize.
Phishing/Smishing: The fraud may be triggered by a fake email or fake SMS, which encourages the user to dial a number. A popular scam is an email from a “company” that claims something is wrong with a recent order. By calling the number, the victim will eventually connect with the scammer.
How to protect yourself
To prevent voice phishing, there are some basic security steps, according to ESET:
Remove your phone number from the phone book so that the number is not available to the public.
Do not enter your phone number in online forms (i.e. while shopping online).
Be wary of requests over the phone for your bank details, personal information or other sensitive information.
Be careful – don’t get into a discussion with someone who calls you, especially if that person asks you to confirm sensitive information.
Never call back a number left for you in a voicemail. Always first contact the organization the caller claims to represent.
Use Multi-Factor Authentication (MFA) on all online accounts.
Make sure the email/internet security software is up to date and includes anti-phishing features.