Hello…is it my identity you are looking for??
In previous blogs I have discussed phishing and how hackers use social engineering via email or in person to trick you into divulging private information. That is not the only way they do it, they also use phone calls. This way of scamming is called Vishing.
I know it seems hard to believe that you can fall victim via the telephone even though you know that you shouldn’t give out any information to just anyone but just like the other form’s hackers use, they rely on you being caught off guard and they make themselves sound so believable that you willingly proceed with whatever it is they are requesting. They use spoofed numbers or caller ID so it is not detected as spam or unknown, it is a similar technique to email spoofing, so that you answer the call.
They may not even contact you to get your personal information, they can find out about you via social media portals or off a list from a previous breach, and call your service provider and stage a call pretending to be a family member and attempt to get passwords changed or acquire more details about you.
Another way hackers use vishing is by setting up an automated recording to call you pretending to be from your bank and warns you that your credit card details have been flagged for fraudulent activity. They will ask you to provide credit card numbers, PINs, ID numbers to verify your account or they provide another spoofed number where they say you can call to speak with someone to continue with the verification.
Sophisticated hackers will do a vishing and phishing attack at the same time to make it even more believable. They will do the call and then send a follow up verification email which will lower any suspicions because it must be legitimate if they have both those details right? Wrong, that is exactly what they want you to think in order to get as much out from the scam.
Identity theft is normally the reason the cyber criminals use vishing to get information. Identity theft if successful, can cause major damage to you and those around you. It can lead to debt if the cyber criminal gets hold of your credit card details and is not caught in time.
If the hacker has access to your bank account, they will draw out the money at an ATM and leave without a trace. This is why keeping an eye on the movements in your account is so important, they often test with small amounts and when this is not picked up, they will draw a lumpsum.
To avoid falling victim to vishing:
- Be aware. Know that these scams happen.
- Don't trust caller ID, as mentioned earlier caller ID spoofing is easy. If someone is selling you something or asking for information, tell them you will call them back so that you can verify the company is legitimate.
- Make sure to find out the type of information these organisations would actually need. Find out from your bank or any of your other service providers, the legitimate process they require if they suspect any unusual behaviour on your card. This way you will know for sure that if you receive a phone call or an email, requesting confidential or personal information, it is a scam.
- If it's a bank or credit card company, call them back using a number from your bill or your card.
- Never provide credit card information or other private information to anyone who calls you. Especially no PINs / CVV numbers or passwords.
Let’s get real!