Have you ever recieved a call where a person claims to be an official, bank employee or government personnel, asking to tell personal or financial information with the caller? Well, it’s very common and is known as Vishing. To be precise, vishing is just the fancy name of the fooling around that we all experience on a daily basis. Vishing, a combination of ‘voice’ and ‘phishing,’ is a phone scam designed to get you to share personal information. While vishing and phishing are both types of social engineering attacks and use many of the same tactics, the main difference between them is the medium used to perform the attacks. As mentioned above, vishing uses the phone to perform an attack. The attacker will call the victim – or trick the victim into calling them – and verbally attempt to trick them into doing something. Phishers, on the other hand, use electronic, text-based forms of communication to perform their attacks. While email is the most common and well-known phishing medium, attackers can also use text messages (called smishing),to perform their attacks.
Just like any other attack, the functioning of this attack involves three aspects:
The attacker: Cybercriminals and hackers that use varying ways of vishing to fool others.
The victim: It’s the individual or organization that ends-up compromising crucial information.
The vulnerability exploited: In vishing, the attack exploits a human’s tendency to panic or fear any mishappening. By adding a factor that makes people panic or worried, the attacker forces the victim to share crucial information.
The Process:
An attacker or group of attackers takes the help of a computing system that dials tons of numbers, featuring the same number combination, at once. Such bulk dialing is done in a hope that at least one or two calls will be connected to a potential/vulnerable victim. Once the call is connected, the attacker now takes the cover up of an authorized person or a representative of government agencies/bank/financial institutes and creates a situation that would ask for immediate action. For instance, the person with malintentions can tell the victim that the call is from the Income Tax department and the victim is eligible for a tax return to be claimed in the next one hour. To process the amount transfer, the victim has to share the right account details/net banking password/ATM PIN for verification right now. To pursue the victim, attackers can also present the after-effect picture if immediately asked actions are not taken. They can tell the victim that their bank account would be seized or they have to pay a heavy return. With all these things, panic is created around the victim and, one out of a hundred or thousand can fall into the trap. Earlier, the phone number, from which vishing calls were made, was displayed on the phone screen of the victim. But, the advanced calling technology that we’ve today is capable of hiding the identity.
How to recover from Vishing:
If you've provided your financial information to someone who you later think is a scammer, first call your financial institution. Whether it's your credit card issuer, bank, or Medicare contact, call and ask about canceling fraudulent transactions and blocking future charges.
You might also need to change your account numbers to make sure no one uses your existing accounts.
Freezing your card reports can help ensure no one can open new accounts in your name. Then file a complaint to police or the FBI's Internet Cyber crime department
While vishing attacks are crafted to trick you, it's possible to learn the red flags before you pick up the phone. Stay ahead of the cyberthieves who are trying to tap your personal details over the phone.
