Vishing attacks are voice-based phishing attacks where scammers attempt to trick victims into giving up sensitive personal information over the phone.
It’s probably the oldest scam in the book. Nowadays the technology is smarter; calls might use VOIP or automated voice simulation technology. But technology aside, scammers still call people on their phones much the same way that they have been doing for decades.
Types of vishing attacks
Vishing attacks are usually partly automated. Automated processes make it faster and easier for attackers to target people.
Cyber criminals usually pretend to be a legitimate business, leaving messages to try and get people to call back and divulge personal information.
The good old telemarketing approach still works. Sometimes victims are cold called with an offer. It might be as simple as an offer for a low-interest credit card or requesting a donation to a well-known charity.
Tech support scams take advantage of people who are less tech savvy and fearful of being hacked. The hacker installs malware on their computer which pops up warnings about a technical problem. The message gives the victim a number to call and the hacker charges them to ‘fix’ their computer.
Spear vishing
Targeted vishing attacks are harder to spot. Spear vishing sees the scammer using personal information about the victim. This information will have most likely have been exposed from hacked websites, bought on the dark web, and/or researched online.
A
First Orion study found that 75% of victims said that scammers already had some of their personal information. Personal information is leveraged to gain trust and extract further information. The more information they have, the more damage they can do.
With less people answering phones from unknown numbers, talented vishers are spoofing real phone numbers as well.
Attackers might pretend to be from the victims bank and claim to be following up on some fraudulent charges. Offering a new eftpos card and getting the victim to enter a new PIN over the phone would see them clone the card and spend up large.
When spear vishers go after bigger targets, like CEOs, it’s called whaling. Big wins make it worthwhile patiently building up information about the target through other social engineering approaches, such as phishing emails and malware. If the potential reward is great enough, it can be worth their time to build a convincing identity that will inspire trust in even the most well educated and tech savvy victim.
Smart attackers call on a Friday afternoon when their target is more likely to be tired or distracted.
Why vishing works
Vishing exploits the fact that people are more likely to trust a human voice, and vishers are known to target seniors and people who aren’t too confident with technology.
When attackers already have some personal information about the victim, calls can sound quite legitimate. And when the attacker pretends to be from a company the victim already knows and trusts, it’s a winning combination.
As the phone calls are typically placed over VOIP services, it is easier for attackers to automate some of the process. This conveniently makes it harder for the victim or the police to trace, as well.
Help protecting your business from cyber criminals
Most small businesses do not have enough
cyber security layers in place to fully protect their business. Are you doing enough?
Contact us for a confidential chat about your personal or business circumstances and we can advise you on what protection you need. Or we can take care of everything so you have total peace of mind with our
Small Business Cyber Security Support Package.