Vishing is a phishing attack done through a phone call or voicemail and it’s becoming more popular everyday. Through a combination of emotional manipulation and scare tactics, malicious actors are able to trick people into giving up their private and important information. Annoying calls from robots are one thing, but it can be extremely difficult for a person to just hang up the phone when they hear a real human on the line, telling them that they’re in danger.
Along with social engineering, hackers spoof real phone numbers in an effort to lead the victim to believe the calls are legitimate. That being said, it’s unsafe to blindly trust whatever number pops up on your caller ID. Even if you don’t answer the phone, the attack will continue through voicemail.
Deep Fake Technology
Although a lot of vishing calls are made by a real person, some are fully automated. What you end up hearing sounds exactly like a human. Deep fake technology is artificial-intelligence based. In these cases of vishing, malicious actors use some form of voice generation software to impersonate a real voice.
The most relevant real-world example occurred very recently in 2019. A deep fake convinced a UK-based energy firm’s CEO to transfer $243,000 to a Hungarian supplier within an hour of receiving the call. The CEO was under the impression that he was given these orders by the CEO of his parent company based in Germany and was told it was urgent. Additionally, the voice had a German accent making it all the more convincing. The funds were eventually moved to various other locations, including Mexico, and the culprits still haven’t been found.
Vishing Scams Can Vary
One of the most popular forms of vishing, targets bank related information. In most cases the victim will receive a voicemail letting them know that their account has been compromised and must be reset. For the cybercriminal, a best-case scenario would mean that the message makes the recipient panic and forces them to dial the number back. This usually leads them to an automated recording asking them to verify some piece of sensitive information whether it’s a bank account or a social security number. Due to the fact that the caller believes they are resolving a security issue by providing this information, they don’t think twice before giving it away.
Fake Prizes and Contests
Another popular form involves a fake prize or offering. The victim is usually left a voicemail saying they are the lucky winner of something extravagant. In order to claim their prize they’re required to pay shipping and handling. Unfortunately, if the prize is cool enough, this will push a victim to hand over their credit card details. If you didn’t enter any kind of contest, odds are you didn’t win anything and should approach the conversation skeptically.
Telemarketing fraud can take a few forms. You may receive a call from a “credit card company” notifying you that they have an interest rate reduction promotion. These can also pop up as a request for charitable donations, unrealistic business investments, or a notification about your expiring car warranty. Vishers will basically try anything until they find the right victim. They use very specific language during these calls and voicemails as well. Ultimately, if the phone call results in a stranger asking you for personal private information, you should hang up immediately.
There are a few different kinds of vishing schemes that involve government impersonations. Many times, the impersonator will claim they are from the IRS and that you owe taxes. They will also threaten to arrest you or take away your license if you don’t pay up immediately. That kind of threat from an organization that actually exists is more than enough to get someone to give their money away.
If you’re actually concerned about the status of your taxes, contact the IRS directly. A government impersonator may also call insisting they’re from Medicare and that you’re overdue for a new card. They will then ask you to confirm your Medicare number which unfortunately is also your Social Security Number. Even though this isn’t something Medicare actually does, people still fall for the scam.
Don’t be a Victim
Generally speaking, you should be suspicious of all unknown callers. The safest practice is to let those numbers go to voicemail. You also shouldn’t trust your Caller ID. Some vishing calls will actually pop up as a legitimate business. If you do decide to answer the phone and the caller begins selling you something, ask as many questions as you can. You can insist on calling them back as well. In the meantime, search them online to see if they’re a real person calling from a legitimate organization. Social engineering preys on the trusting and sensitive nature of humans. It’s important to keep your cool and hang up before giving out any information.