What is Vishing?

What is a Vishing Attack?

Voice phishing, or vishing, is a cybercrime that uses the telephone to steal personal or confidential information. Cybercriminals use persuasive language and scenarios that simulate legitimate phone calls. 

The following conversation is a real-life scenario of a vishing attack against Wells Fargo clients.

“Hello, this is Wells Fargo’s fraud department. We’re calling to inquire about an erroneous $800 transaction on your account. Could you confirm that you are the account owner before we continue?”

Vishing attackers may pretend to be government representatives from the IRS, the Social Security Administration, or Medicare. Scams may include bank impersonation, tech support fraud, and telemarketing attacks where the caller claims to offer a free trip or a prize in exchange for personal information.

Cybercriminals who have done their homework gain trust by divulging personal information about the victim, making the vishing attack even more believable. 

Types of Vishing Techniques

War dialing

War dialing, which may also be referred to as “wardialing,” is a vishing technique that automatically dials a large list of telephone numbers in search of devices such as modems or fax machines that can be exploited. The purpose of war dialing is to target security vulnerabilities in wireless networks.

VoIP

This method of vishing (voice phishing) involves creating fake phone numbers that are difficult to track. The calls may appear to be from the government, local hospitals, police departments, or other legitimate businesses.

Caller ID Spoofing

To disguise their identity, cybercriminals may use caller ID spoofing to falsify the information displayed on the phone’s caller ID.  

Dumpster Diving

Dumpster divers locate financial statements, government records, medical bills, resumes, and other sensitive information simply by going through the victim’s rubbish. Information obtained about individuals or organizations could later be used for a cyberattack.

How To Prevent Vishing Scams

  • Never divulge social security numbers, credit card numbers, account numbers, or other personal information on the phone. Banks, hospitals, and government agencies will never call you for personal information. 
  • Do not answer calls from unknown numbers. Let the call go to voicemail. 
  • Pay attention to the language being used by the caller. Vishing attacks take advantage of basic human behaviors such as fear, greed, and trust. 
  • Do not respond to emails or social messages asking for your phone number.
  • Register your phone number with the Do Not Call Registry. 
  • Use common sense when dealing with any caller you do not recognize. Do not respond to requests to transfer funds, provide confidential information, or email documents from your personal account.
