What’s the problem?
Vishing – or voice phishing – is just as it sounds; using calling people over the phone, impersonating a bank, a government security officer, or whomever, the hacker will attempt to get money or sensitive information from their target, such as Social Security numbers, credit card numbers, or banking passwords. You may be sold a “free vacation” if you’ve stayed at a certain hotel before, offering two-for-one deals on a trip to Mexico. You may be told “your Social Security number has been cancelled” and you need to speak to a representative immediately.
How Do I Identify a “Visher”?
Typically, fishing scammers, or vishers, will offer too-good-to-be-true deals or vague threats of government action or, ironically, potential exposure to hackers. The carrot or the stick method, to get you either enticed or scared enough to do what they say. So first thing is first, don’t let them overwhelm your emotions. Calmly listen to wha they are saying, and see if it all adds up. Remember, if it sounds too good to be true, it probably is.
Be on the lookout for:
- Offers from companies you haven’t dealt with
- Offers of a prize for a contest you did not enter
- Free money for an upfront investment
- A caller pressing you to make an immediate decision, to give them:
- Money
- Financial or personal information
- Contact information
- Threats of action against you
- Unprofessional language
- Unsolicited calls offering to help with your finances
Sometimes, vishers will claim to be from your bank, telling you there is a problem with an account payment. They might ask that you give them your card information to complete the transaction, but they are really just stealing from you. Most banks as a policy will never ask for your sensitive information over the phone. If you get a call like this, hang up, and call your bank. If they never called you concerning this, make sure to report it.
So do I get hacked if I answer the call?
No. Vishers can only get your information if you give it to them. None of your data can be gotten from a phone call, so as long as you stay wary of unsolicited phone calls, you can protect yourself.
How can I stop receiving unwanted calls?
There are a host of resources you can use to make sure you stop getting telemarketing and robocalls.
To stop telemarketers there is the Do Not Call registry, which you can be added to by:
Visiting the FTC website at https://www.donotcall.gov/register.html
Or Calling the FTC directly at 1-888-382-1222
To stop robocallers, simply report the number to the FTC online, or call the FTC 1-888-382-1222.
To report other numbers you believe to be scammers, you can:
Call 1-877-FTC-Help
I may have been fished. What do I do now?
If you’re afraid that you’ve been vished, you need to notify your customers immediately. Then, you need to alert the authorities in order to take the next steps to protect yourself and apprehend those responsible.
Report the incident to the FTC and the FBI, and have your customers reach out to identity theft resources, such as www.IdentityTheft.gov, where they can get the help they need should their information be compromised.
When Has This Actually Happened?
According to a report by the Wall Street Journal, fraudsters have used AI to impersonate the voice of the CEO of a UK-based energy firm, in the first attack of its kind. In doing so, they managed to steal over $243,000.
The fraudsters asked employees of the company to send money to a supplier based in Hungary, and were promised a refund. However, this money was never refunded, and in fact more money was later demanded. The firm refused the second demand after learning of the fraud, and have launched an investigation into the actors responsible.
The company was later compensated for their loss.
In another situation, just last year a man was contacted by a number that matched his credit union, being greeted by a female voice alerting him his card may have been used in a different state. She even had the last four digits of his card, to make everything seem legitimate.
The voice went on to coax his home address, mother’s maiden name, CVV, and PIN number from him over the phone.
A later review of his account information did indeed show fraudulent charges, however they seemed to have come from the people who targeted him.
“People I’ve talked to about this say there’s no way they’d fall for that, but when someone from a trustworthy number calls, says they’re from your small town bank, and sounds incredibly professional, you’d fall for it, too,” the man said.
That’s precisely how phishing – and vishing – work. The hackers target people’s emotions and psychology, which are far more vulnerable to breach than any computer system.
Just last month, in the wake of the Equifax breach settlement, the FTC was warning people of scams, where hackers were pretending to be from Equifax requesting sign-up fees to be enrolled in the settlement program, as well as stealing sensitive information.
With stories like these, it can make transactions harder and harder to trust. While this particular situation may have been more difficult to avoid, you can avoid vishing scams by staying alert and suspicious of any call you get, especially where the caller is demanding money. Verify the call first, and never give out highly sensitive – especially banking – information over the phone.
It is also important that you notify your family members and loved ones, especially if they’re older or less tech-savvy, of these risks. The more people know about this, the more difficult it can be for hackers and scammers to take advantage of people.
You don’t have to be a victim of vishing. Equipped with this knowledge of how this scam works, what to look out for, and protect yourself, you should be able to better protect yourself from this sort of attack. Remember, stay safe, stay suspicious of unsolicited calls, and stay diligent.
Sources:
- https://www.wsj.com/articles/fraudsters-use-ai-to-mimic-ceos-voice-in-unusual-cybercrime-case-11567157402
- https://safecomputing.umich.edu/be-aware/phone-scams
- https://cyware.com/news/fraudsters-make-away-with-243000-by-impersonating-company-ceo-in-new-voice-phishing-attack-c8dc188d/
- https://krebsonsecurity.com/2018/10/voice-phishing-scams-are-getting-more-clever/
- https://www.lifelock.com/learn-data-breaches-beware-of-equifax-breach-scams.html
- https://www.ftccomplaintassistant.gov/#crnt