

What is Vishing?

What is Phishing?

To understand vishing, we must first understand phishing. At its core, phishing is a nefarious method of tricking a person through some means of deceit. This can be achieved either by making the victim download malicious software or by tricking them with social engineering tactics.

Voice Phishing (Vishing)

Vishing is a form of phishing, but unlike typical phishing it is not performed over the computer. Instead, it is done by communicating over the phone or through VoIP. In fact, the word "vishing" is merely shorthand for "voice phishing". The methods used in this form of phishing focus more on social engineering, as the attacker has to either convince the target to willingly hand over their personal information or trick them into doing it. Typically, the goal of these attacks is to obtain the victim's banking or card information so the attacker can then use it freely.

Example of Vishing

In the modern world, attackers cannot rely much on analog landline phones to accomplish this feat, as they have traditionally been safe. By using VoIP, however, the attacker can spoof their caller data to appear as someone they are not, such as the target's bank calling to inform them that fraudulent activity has occurred with their card information. The voice on the call is usually a voice synthesizer reading a prepared script, which gives the target a number to call immediately for further instructions on how to stop this activity. The provided number also has its caller data spoofed as the target's financial institution, and when the target calls it, they are greeted by another machine asking them to enter their banking information on the numpad for confirmation.

At this point, the target's information is recorded and the attacker has achieved their objective of getting the victim's card information. They may also try to gather further information on the victim such as their date of birth, Personal Identification Number (PIN) and so on during this process.

Tips to Protect Yourself

If you receive a call at random from a number claiming to be your banking institution, it is ideal to request to speak to an actual person. Speaking with a person, rather than a machine, is also far more common in these scenarios: cases involving suspicious activity detected on a person's bank account are almost exclusively handled this way.

Be sure to have online banking set up on your bank account so you can check the statements being made for yourself. If you are told there is suspicious activity on your account, confirm it yourself first to verify the authenticity of the claims.

It is actually very uncommon, and a bad practice, for banks to ask you to enter any card or bank account information over the phone. Some financial institutions may do this for the initial setup of your bank account PIN, but never again.

