Last Updated on December 16, 2022 by Rashid Hassan
Among the long list of scams and frauds that cybercriminals can carry out at low cost and with little risk to themselves, so-called “vishing” is not one of the best known, despite not being anything strictly new. Scams that start with a phone call have been around for many decades, but technology has allowed them to reach a level of sophistication unthinkable not too long ago, and the context has done the rest.
Social engineering, massive leaks of personal data that is easy to locate on the Internet and can be used by anyone unscrupulous enough, VoIP services, and software tools that allow forging caller IDs have paved the way for “vishing” to become a tactic as common as it is effective.
Already in 2020, the FBI warned of the growth of this type of fraud alongside the growth of teleworking brought on by the restrictions imposed during the pandemic, and the Internet User Security Office (OSI), the National Cybersecurity Institute (INCIBE) and the security bodies and forces have also issued alerts about this type of scam. We tell you what you need to know to be prepared against this type of fraud.
What is Vishing?
It is an anglicism that combines the terms “phishing” and “voice”. “Phishing” refers to scams based on identity theft in which the cybercriminal pretends to be an entity that is trusted by the victim (a bank, a company, an official body, etc.) to obtain sensitive data such as banking information. Its most common and least expensive form is the fraudulent email, which is what is usually understood by “phishing”. If the contact with the victim is initiated by an SMS, it is known as “smishing”, and if it is by a voice call, then we are dealing with a case of “vishing”.
While the first two are the least risky and easiest ways to impersonate, “vishing” requires direct interaction with the scammers via voice call. Most people aren’t used to being fooled so directly, so a good vishing scheme is more likely to get results.
Social engineering is a common but not essential factor in these tactics. Having some data on the victim, such as the name and telephone number, makes it easier to impersonate a company of which the victim may be a customer and gives an impression of legitimacy. Lists of users’ personal data from security breaches are very easy to find on the Internet, which is one of the reasons why it is important to protect the privacy of personal data.
Other features that define “vishing” are the use of VoIP services (Voice over IP, that is, calls over the Internet) that make it difficult to track calls; automatic dialers that try phone numbers until they get a response and then connect the victim to the scammer; and caller ID spoofers, which allow for more convincing impersonation. These are web services, “apps” and computer programs that allow the fraudster to choose the number that will appear on the victim’s mobile screen and to modify the sound of their voice.
What are the most common “Vishing” scams?
Cybercriminals often adapt their scams to the circumstances of the moment. In the current context of the energy crisis, a hoax presented as an advantageous offer from an energy distributor that requires the delivery of bank details is a much better option now than a year ago, for example. The most common “vishing” schemes, according to the security firm ESET, are the following.
Computer technical support
Given the ubiquity of the Windows operating system, Microsoft is one of the companies most often impersonated in this type of hoax, although any type of technical support can serve the purpose. In this case, the scammer does not need to extract sensitive data from the victim, but to convince them to allow access to their computer through a remote access tool such as TeamViewer, with the excuse of some technical or security problem detected by the fake company.
Once connected to the victim’s computer, it is easy for the cybercriminal to deceive them by showing false indications of an infection; for example, through the usual error or warning messages often found in the Windows Event Viewer. With the victim convinced, they are urged to install a supposed antivirus or security “software” for a certain amount of money and with which the attacker will have access to the computer and its information whenever they want.
In another scheme, the criminals make telephone contact to report an alleged refund for a service contracted in the past that the provider company has stopped offering. Based on this justification, the scammer persuades the victim to install remote access “software” on their computer and, once this is done, urges them to access their bank account from the compromised computer. In parallel, the transfer of the supposed refund is simulated through a fake website, and the amount is then modified to make it appear that more than what is due has been paid. The scammer appeals to the victim’s good faith to return the difference, at which point the scam is consummated.
Financial Problems/Legal Problems/Government Agency Impersonation
The attackers pretend to be the Police, a bank, a legal firm or a state body to report some problem or fraudulent movement associated with the victim, or to tell them that they are the beneficiary of some type of aid. With this excuse, the attackers request personal information and, in some cases, access to the user’s computer to obtain sensitive credentials.
Some relative or close person is in trouble
Pretending to be an acquaintance, or to be calling on behalf of that person, the attackers urgently ask the recipient of the call to deliver money, either physically or through a bank account that will be provided over the same communication channel. On multiple occasions, aggressive emotional manipulation methods are used, such as false crying or appealing to an incident suffered by the victim’s supposed acquaintance, to add urgency to the deception.
What to do if you have fallen for a “vishing” scam?
The Internet User Safety Office recommends taking the following measures if you suspect that you have been the victim of a “vishing” scam:
1) Scan our device with an updated antivirus.
2) Delete any file that we have downloaded from the mail.
3) Block the number that has contacted us.
4) Change the passwords of those accounts that may have been violated.
5) Activate two-step verification in the accounts that allow it to avoid identity theft.
6) Contact the bank to cancel any unauthorized payment or cancel our card if necessary.
7) Collect all possible evidence and report it to the State Security Forces and Bodies.