Tips to Avoid Phishing #6 — Voice Phishing (Vishing)

By Dejan Dundjerski

Voice phishing, called ‘vishing’, is less common than internet phishing, but it can be just as devastating. In a vishing scam, criminals will call an individual or a company, either in person or using an automated message, and attempt to extract information which they can use to steal or extort money.

The most typical vishing scam is a recorded message generated by a text-to-voice synthesiser. The message warns about unusual activity on a credit card or bank account and directs the person to dial a specific number to resolve the situation. Calling this number will take the victim to another automated message requesting they enter their card number and other details. Complying will allow fraudsters to access financial accounts, transfer money and run up debt.

Vishing scammers often use a fake number or caller ID to make the call appear more authentic. In some cases, they may even have the technology to intercept people who try to verify whether the call is legitimate. If you hang up on a vishing call and then immediately dial your bank, the scammer may be able to stay connected and record all the information you give to the operator. You should absolutely double-check the identity of any caller asking for sensitive personal or financial details, but make sure to use a different phone.

In-Person Vishing Calls

Some more audacious criminals may call in person or even use advanced voice-disguising software to conceal their identity. Many in-person vishing calls target company personnel, especially help-desk operators and tech support. The scammer will use personal details they find online to impersonate a customer and gain access to their account by resetting the password and redirecting the security settings. Professional privacy services, such as those offered by ReputationDefender, can help protect against this type of attack by limiting the amount of information you share online.

Some vishing attackers take the opposite tactic, calling customers directly under the guise of technical support personnel or bank fraud investigators. In one well-known scam that has been effective against victims in the UK and other English-speaking countries, an attacker posing as Microsoft technical support warns victims that their computer has been infected with malware. The victim is directed to go to a specific website and download the fix. Depending on the case, criminals either sold victims a fake antivirus program, or offered a free download that installed malware capable of stealing financial details and personal information from the computer.

Protect Against Vishing

As with other phishing attacks, the best way to protect against vishing is to double-check anything anyone tells you over the phone. Sign into your online account to see what’s going on, or call an official number on a different phone. Don’t download any software without first verifying the source and the author through an official channel.

To avoid becoming a vishing target, limit the amount of information you share online and don’t use security questions (like the name of your pet) whose answers can be found just by looking through public Instagram pages. If hackers decide you are an easy target, they will go to great lengths to comb all of your accounts and put together enough information to impersonate you. For more information on how to stay safe, contact our security experts at ReputationDefender.