The world has become a dangerous place with the ever-evolving forms of cyberattacks. With the advancement in security technologies, the internet has become safer, but cybercriminals are also advancing, finding new ways to conduct illicit activities.
If directly attacking a system is challenging, intruders use indirect ways, such as social engineering attacks, to infiltrate it. One of the most common social engineering attacks is Phishing.
If you are familiar with the term Phishing, you might think of it as the social engineering attack in which the victims are psychologically manipulated to provide essential information and download malicious applications through emails. However, Phishing is pretty vast and not just limited to emails. There are various other forms that are popular among attackers for conducting Phishing. One of those is Vishing.
So, what is Vishing? What are its types? How can you avoid Vishing happening to you?
Let’s discuss all these questions in detail.
What is Vishing?
Almost every cell phone user has probably received calls in which the caller talks about offers like credit card proposals, jackpot offers, security alerts, and more. Most of these calls are scams meant only to lure the receivers into a trap, i.e., to perform Phishing. An act in which scammers use phone calls to trick users into providing confidential information is known as Vishing.
Vishing is the combination of the terms “Voice” and “Phishing.” During Vishing, the cyber scammer uses various social engineering tricks to dig out details like the receiver’s social security number, bank details, credit card numbers, and more. The scam callers are professionally trained so that they can comfortably pretend to be genuine officials and the receivers won’t doubt their authenticity.
To lure users into their trap, the callers use various tactics. For example, they can scare users by telling them that their bank account is compromised and asking for confidential details to fix the account. In fear of losing their money, users may readily provide the requested details. Another example is fake support scams like Helpme.net. The caller pretends to be from an official organization like Microsoft or Apple and asks the user to provide access to their device to fix critical issues. Basically, the attackers behind Vishing try to take advantage of the user’s urgency, fear, and greed.
Types of Vishing
Considering various factors, like the target’s psychology and more, Vishing can be conducted in the following ways:
Telemarketing Vishing Scams
The telemarketing scam is the most common Vishing type. Many phone users might have received calls from fake individuals pretending to be from an official organization telling them they have won a lottery from XYZ company or a full-paid travel package from ABC Travel company. Such calls are most likely to be fake, and their only purpose is to somehow force users into providing the details they require. Over time, Telemarketing Vishing has become ineffective because people are more aware than before. However, even if a scammer can get a 2-3% success rate, it would be enough for them as Telemarketing Vishing does not require much investment.
Loan or Investment Offers
In this type of Vishing, the phishers attract users by offering them loans at a low interest rate and with similar tactics. Likewise, many scammers offer too-good-to-be-genuine investment schemes to get the receiver’s attention and then trap them in the scam. Many users get blinded by greed and provide their sensitive information in return for unrealistic offers.
Many of you might have received a call from an individual pretending to be from a government organization and offering to help you get the benefits of government schemes. Such callers are nothing but imposters who lure users with fake promises and get their classified details in return.
Tech Support Vishing
Another common phone call scam that has rapidly increased is fake tech support. The callers introduce themselves as technicians from a legitimate platform, like Microsoft, Apple, Intel, or others, depending on the device or service you are using. They tell you about an imaginary bug in your system and ask permission to access your device to solve the issue. Users, anticipating a free fix for their device, readily grant them the required permissions.
How can you avoid Vishing?
To avoid Vishing, the most important thing is to be self-aware and follow your instincts. Here are a few tips to prevent Vishing from happening to you:
- Use services like TrueCaller that help you know who the caller is before you answer their call. Such services also tell you the spam level of the number from which you are receiving the call.
- If a caller claims to be from a particular company, ask their name and search on the internet, or contact that company directly to verify the identity of the caller.
- While on a call, if you detect that the caller is a scammer, immediately disconnect the call and block the number.
- Never call numbers you receive in emails or SMS messages that ask you to contact them to get offers or services.
- Regularly update yourself with the latest tricks that intruders use to lure users into Vishing or other scams. You must also educate your family members and friends about the same.
- Never provide your confidential information through phone calls, SMS, or emails. No reputable organization collects its customers’ details through such channels.
- Never get trapped by too-good-to-be-true offers, especially when they come through phone calls. Even if you want to give them a try, never do it at the expense of your classified details.
Even though users are becoming more and more self-aware, Vishing and other Phishing scams continue to thrive. This is mainly because of a lack of judgment from the victims. Cybercriminals take advantage of people’s poor decision-making and create panic or excitement so that people make mistakes. On top of that, intruders involved in such scams are well trained to handle every possible situation. So, the best way to keep your distance from such scams is awareness and the use of common sense.
About the Author:
Peter is a tech enthusiast geeking out on new technological trends. He works as a cybersecurity consultant and writer at MalwareFox.com. You can find him cooking up an MCU theory when he is not writing walkthroughs for beginners in the computer field. Catch him on Quora and LinkedIn.