TechLand Blog

Vishing: The number you have picked is unsafe. Be cautious!

Imagine a bank representative calling you and professionally narrating your personal details to eventually inform you that your account has been blocked.

The first reaction from our end would be to ensure that we unblock the account. To do the same, we go to the extent of providing confidential information and end up falling prey to a trap we call vishing.

In contrast to other forms of phishing which involves text messages, vishing happens through oral communication between the attacker and the victim over a phone call. The attackers use social engineering to convince the victim that they are in an authentic conversation; thereby persuading them to supply sensitive details to avoid harsh consequences on their bank account. 

Let us understand vishing in detail.

What is vishing?

As stated earlier, vishing is a form of phishing attack which involves the attacker calling up the user with an intention of making them undertake an action which is in their “best interest.” These actions can range from supplying their bank account or Social Security Numbers to CVV numbers of the credit cards. 

Now you may ask, why would an individual supply such sensitive details to the fraudster? This is where we speak about the social engineering tactic used by fraudsters. Through some initial research, they gather details about the victims before getting on a call. Once done, they call up the victim, orally furnish and verify the details gathered and win the trust of the users. Once the trust is developed, they plant the bait and persuade them to disseminate the confidential details. 

Fraudsters also take complete advantage of the timing and the environment in which these attacks are executed. For example, during tax season, they state that they are calling from the government department and force the victims to provide their bank account details to avoid legal charges, fines, account suspension, etc. 

What does a vishing attack look like?

No alt text provided for this image

Vishing techniques you must know

1. VoIP

Voice Over Internet Protocol (VoIP) technology makes it easier for fraudsters to create fake phone numbers allowing them to make a call using a broadband internet connection instead of a regular phone line. Fake numbers that have pre-fixes of a certain area code or ones appearing to come from a government department, hospital etc. can be easily created. These are usually non-trackable numbers. 

2. Caller ID Spoofing

As the name suggests, fraudsters can spoof the caller ID with titles like Unknown or Tax department, Government department, etc. to represent themselves as legitimate caller. 

3. Wardialing

This sophisticated vishing technique involves calling a person using specific area codes along with a message from local departments like police, hospital, banks in the areas etc. Once the call is answered, a pre-recorded message begins urging the victim to supply card details, mailing address, social security numbers etc. The message also creates a sense of urgency by informing the victim that the details are required to avoid account suspension or similar harsh consequences. 

How to protect against vishing?

1. The first rule is to never supply any confidential information related to your bank account or work to an unidentified caller. Banks never ask for your personal details and the moment this question is asked, it is a clear sign of a vishing attack. Immediately cut the call, block the number and report it to the local authorities

2. Never pick up calls from IDs that are unknown. In case you end up picking, listen carefully to the caller. Focus on the tone and the moment there is a sense of urgency created or a threat used to persuade you to furnish personal details, consider it as a red flag and end the call

3. Avoid responding to unknown emails that ask for your phone numbers. The phishing emails serve as a pre-empt to the vishing attack. On receiving such emails, report it to the tech team of your organization

4. Callers who demand work-related information through your personal contacts or personal mail IDs can be a source of potential vishers. Always verify any such message with your colleagues or managers before undertaking any action

5. Beware of platforms where you share your contact details. While signing up online for any form of digital content like receiving newsletters on important topics, verify the authenticity of the platform before providing your mailing address or phone number.

Leave a Reply

Your email address will not be published. Required fields are marked *