Phishing as a popular form of cyber fraud is widely known. But cyber criminals do not always rely on fake e-mails or websites. Voice phishing, so-called vishing, is a special form of phishing. In this case, the fraudsters use IP technology to make fraudulent calls in order to elicit sensitive data from their victims, such as passwords, banking information or personal data. The business is efficient because such attacks can be carried out cheaply and involve little risk for the perpetrators, as their identity and telephone number remains concealed. In addition, a few pieces of information are already enough to initiate a successful attack. The damage caused by vishing attacks worldwide is estimated at around 1 billion US dollars a year – although many attacks can be detected at an early stage and defended against before any significant damage occurs.
Recognizing and defending against vishing - what should you look out for?
To protect yourself effectively against vishing attacks, the following tips should be followed:
- Remain suspicious if unknown persons describe a problem with excessive urgency to you on the phone. Do not be tempted to disclose information too quickly.
- Do not give out sensitive information over the phone, even if the facts seem plausible.
- Verify the identity of the caller: If the caller claims to be a representative of a company or an authority, contact the company or authority via an official telephone number. Use a different phone number than the one you were called from.
Different stories, same game: Beware of the vishing trap
In vishing, attackers use perfidious social engineering methods to manipulate the victim's behavior. In that process, a story is constructed that suggests a plausible but urgent need for action. Whether it's supposed difficulties with computer software, an alleged lottery, or problems with one's bank account: The caller on the other end of the line usually offers to help you as an expert. However, the underlying stories always have one thing in common: the solution to the problem requires the disclosure of sensitive information such as bank details, passwords or personal data – because that is exactly what the attackers are after. In order to keep a cool head even in stressful situations and not fall unsuspectingly into the vishing trap, target group-oriented awareness measures and professional training solutions help. Security-Island offers multimedia e-learning for any number of participants.