What Is “Vishing” or Phone Phishing?

As technology develops, so does the ingenuity of attacks on sensitive information. Cybercriminals use electronic communication to appear legitimate and trustworthy while asking for personal information. Many phishing attacks happen over email, asking a person to provide account information, to click a link, or download an attachment. However, a phishing attack may also happen over the phone. When it does, it’s called “vishing.”

Vishing Definition

The term vishing combines the words “voice” and “phishing” to describe when a malicious and fraudulent attacker tries to gain personal information over the phone. Vishing has also been called phone phishing or voice phishing. Scammers may manipulate victims by posing as an institution while attempting to extract sensitive information of financial value. 

How Vishing Works 

These scammers may obtain large quantities of phone numbers from various sources, and use them to cast a wide net for potential victims. Vishing attacks may also be executed using a variety of tactics. Vishing attacks may include a basic voicemail, automated voice, or combined automated and live voice, that asks the victim to verify credit card information by typing it in on their phone, or by directing them to verify with an interactive response system. 

Some vishing calls are more like spear phishing. These calls are targeted and sophisticated, and may be harder to detect. Vishing scammers may perform research beforehand, or purchase a victim’s information. This data is used during the call to provide an appearance of authority or credibility. A visher may know what bank the victim uses and make a call claiming to be a representative. They may know personal information such as a home address, birth date, or the last four digits of a credit card.

Phone Number Spoofing

A scammer may deliberately deceive caller ID via phone number spoofing. This is done by using a fake phone number to disguise identity. Phone number spoofing is advanced enough that it may even mimic a local number to appear more trustworthy. This is known as neighborhood spoofing. A number may be spoofed from a company or government agency to lend credibility to the call. The danger of this tactic is that if the victim doubts the authenticity of the call and does research on the number, they may see that the phone number is tied to a legitimate agency and wrongly trust the scammer.

How to Protect Yourself Against Vishing Attacks

As with all cyber attacks, there are some general principles that may serve to protect against vishing attacks. Create multiple phone numbers with an app when signing up for promotions, subscriptions, selling on craigslist, shopping, or when giving away personal contact information may offer protection if a third party is hacked. Control and secure the information you send in texts and emails to ensure your information is safe and more difficult to access.

Do not respond to or accept calls from unknown numbers. If you do answer, and recognize it’s a scam, hang up immediately. It is important to refrain from giving out any type of sensitive or identifying information, birth dates, addresses, credit card numbers, or social security numbers, unless the origin of the call has been authenticated. Be aware that a tactic of many vishing scammers is to seal the deal and press you to deliver information immediately. If you are speaking with a legitimate representative of an organization, they are willing to be more patient and wait for you to come to a decision.

Voice phishing scammers have the ability to spoof phone numbers from legitimate agencies, but they cannot redirect calls made to the legitimate phone number. If you ever suspect fraud, offer to call back using the official number found on a verified website. A legitimate representative will understand, while a scammer may begin to panic. If you ask for a number you can call them back at, you may be given the vishing scammer’s number, which can be provided to the Federal Trade Commision (FTC).

Report Vishing Phone Numbers

Recognizing and reporting vishing phone numbers to the FTC can help protect others. Asking for a call back number after detecting a scam and reporting this number to the FTC will help future would-be-victims who may not have discovered a scam. The FTC can take vishing numbers offline and/or take action against the scammers themselves.

Image Source: https://cdn.pixabay.com/photo/2015/03/26/09/44/cell-phone-690192_960_720.jpg

Suggested articles:

The Top 10 Ways Bad Actors Use Your Stolen Personal Information

A bad actor isn’t only a poorly skilled thespian (ha ha). It’s also a person (or group) who intentionally acts to cause harm to a…

Can an Existing Digital Identity Wallet Leverage a Hardware Security Module to Meet New EU Standards?

Anonyome Labs will co-present a paper with Australia’s Queensland University of Technology (QUT) at the 8th Symposium on Distributed Ledger Technology in Brisbane, Australia from…

Aries VCX: Another Proof Point for Anonyome’s Commitment to Decentralized Identity 

For nearly two years, Anonyome Labs has co-maintained an open source project from Hyperledger called Aries-VCX. VCX is an important decentralized identity (DI) community project,…