
What is Vishing?



Vishing is the practice of using social engineering over the telephone system with the purpose of stealing sensitive financial information or other sensitive personal data from a victim. Vishing is one of the most serious threats today and is widely perpetrated by criminals.
The word “vishing” is a combination of two words: “voice” and “phishing”. Attackers use the telephone system to carry out phishing, hence the name.
Vishing is typically used by criminals to steal sensitive banking information such as account numbers, PINs, passwords, OTPs, and credit card numbers, or to steal other personal details that the attackers can exploit to perpetrate identity theft.
Attackers often use VoIP and an automated system like IVR to perpetrate vishing. They may even use techniques like War Dialing and Caller ID Spoofing to serve their purpose.
How does Vishing work?
Attackers may perpetrate vishing as described below.
Criminals first harvest phone numbers of potential victims. They may use several techniques for that purpose. They may steal phone numbers from an institution or they may use war dialing to find out valid phone numbers.
The criminals then start making calls to potential victims. They usually use Caller ID Spoofing to deceive the victims and hide their identity.
In a vishing call, the attackers may trick a user into revealing sensitive financial details. They may say that the call is from a bank, that there is a problem with the user’s bank account or credit/debit card, and that the user needs to give his financial details to the caller in order to address the problem. The attackers may also use automated instructions to ask the victim to type in his credit card number, account number or PIN on the keypad. And, in some cases, the attackers ask the victim for personal details that they can later use to impersonate the victim for fraudulent purposes.
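From the defender's side, the number-harvesting step described above can leave a trace in an organization's call records, because war dialing works through blocks of numbers automatically. The following is an added example, not part of the original article: it flags runs of consecutive extensions dialed in quick succession. The record layout, extension numbers and thresholds are assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample records for a hypothetical office PBX:
# (timestamp, presented caller ID, dialed extension)
SAMPLE_CALLS = [
    ("2024-03-04 09:00:05", "+15550100001", 2101),
    ("2024-03-04 09:00:09", "+15550100777", 2350),  # ordinary call
    ("2024-03-04 09:00:12", "+15550100002", 2102),
    ("2024-03-04 09:00:20", "+15550100003", 2103),
    ("2024-03-04 09:00:27", "+15550100888", 2210),  # ordinary call
    ("2024-03-04 09:00:31", "+15550100004", 2104),
    ("2024-03-04 09:00:40", "+15550100005", 2105),
    ("2024-03-04 09:00:48", "+15550100006", 2106),
    ("2024-03-04 11:15:00", "+15550100999", 2107),  # hours later, unrelated
]


def find_sequential_sweeps(calls, min_run=5, max_gap=timedelta(seconds=30)):
    """Find runs of consecutive extensions dialed in ascending order.

    Calls are linked by the dialed number, never by caller ID, because the
    presented caller ID can be spoofed and may change on every call.
    Returns a sorted list of (first_ext, last_ext, distinct_caller_ids).
    """
    open_runs = {}  # last extension in run -> (first_ext, last_time, caller IDs)
    sweeps = []

    def close(last_ext, run):
        # Keep only runs long enough to look like an automated sweep.
        if last_ext - run[0] + 1 >= min_run:
            sweeps.append((run[0], last_ext, len(run[2])))

    for ts_text, caller_id, ext in sorted(calls):  # ISO timestamps sort by time
        ts = datetime.strptime(ts_text, "%Y-%m-%d %H:%M:%S")
        prev = open_runs.pop(ext - 1, None)
        if prev and ts - prev[1] <= max_gap:
            run = (prev[0], ts, prev[2] | {caller_id})  # extend the run
        else:
            if prev:
                close(ext - 1, prev)                    # earlier run went stale
            run = (ext, ts, {caller_id})
        if ext in open_runs:
            close(ext, open_runs[ext])                  # same number dialed again
        open_runs[ext] = run
    for last_ext, run in open_runs.items():
        close(last_ext, run)
    return sorted(sweeps)
```

On the constructed sample, the sweep across extensions 2101 to 2106 is reported even though every call presents a different caller ID and ordinary calls are interleaved with it.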


A real-life example of Vishing
A widely perpetrated vishing scam is the Microsoft tech support scam. In this scam, the attackers typically call a victim posing as a member of Microsoft technical support and inform the victim that his computer is infected with malware which is generating all sorts of errors. The attackers can then ask for remote access to the victim’s computer or ask the victim to download some software or fake anti-malware programs to solve the victim’s problem. Some attackers may even deceive a victim into revealing his bank account information to make a payment. In other words, the goal of this vishing scam is to infect the victim’s computer with malware or to steal sensitive financial details from the victim.


How to prevent Vishing?
Vishing is very difficult for legal authorities to monitor or trace. But we can always take a couple of steps to protect ourselves to a significant extent.
Never ever provide your financial details over the phone. A bank will never ask for your account number, credit card number, password or PIN over the phone.
If someone is asking for any OTP or One Time Password over the phone, be sure it is a scam. OTPs are meant for users only and no legitimate authority will ever ask for any OTP from any user.
Do not reveal any personal details or personally identifiable information over the phone. If you have any doubts, you can politely inform the caller that you are going to call back and then call the authentic number of the website/provider/institution to verify the call. It is always better to be safe than sorry.
If you get a call informing you that one of your web accounts has a problem, do not reveal any information immediately. You can always log in to your account by visiting the legitimate website and check whether there is any such notification, or you can call the legitimate customer care number and clarify.
Get your number registered on the National Do Not Call Registry to block automated calls. It may not stop vishing, but you would get far fewer automated calls than you are used to.
Do not trust the caller ID of a phone call. As said above, attackers can very easily spoof that.
If you think you have fallen victim to vishing and your financial information is compromised, immediately call the bank and report the incident. Verify whether there is any unauthorized transaction. Also, immediately change your IPIN, password, ATM PIN or other credentials that may have been compromised.
It is always good to report vishing incidents to the appropriate legal authority. It often helps a lot in catching the actual criminals.
So, to summarize, never ever reveal any financial information or any personally identifiable information over the phone. It is always good to verify the authenticity of a call before responding. Be informed about various security threats and stay safe and stay secure.
