This week we discuss the cyber attack called vishing. We all get that random call: the one that we blow off, or that makes us scratch our heads and say, "How did they even get my number?"
Vishing (voice or VoIP phishing) is an electronic fraud tactic in which individuals are tricked into revealing critical financial or personal information to unauthorized entities. Vishing is much like phishing but does not always occur over the Internet and is carried out using voice technology. A vishing attack can be conducted by voice email, VoIP (voice over IP), or landline or cellular telephone.
The potential victim receives a message, often generated by pre-recorded voice or speech synthesis, indicating that suspicious activity has taken place in a credit card account, bank account, mortgage account or other financial services in their name. The victim is told to call a specific telephone number and provide information to "verify identity" or to "ensure that fraud does not occur." If the attack is carried out by telephone, caller ID spoofing can cause the victim's set to indicate a legitimate source, such as a bank or a government agency.
This is happening more and more. The attackers are sophisticated enough that the pre-recorded voice mail is not sent to your phone and your phone never rings or registers a call from the source number. We can call it robo dialing, but it is really a targeted campaign that separates you from your wallet or personal information.
Why is this important to you, your customers, and business partners? Voice and VoIP are an active attack surface for malicious actors. Your systems are vulnerable to malware delivered by voice, through a message that directs you to a site or directs you to reach out to a contact, where the attackers seek out personal or professional information. Helping to close this point of vulnerability is one place we can be supportive of our partners and customers.
Vishing is difficult for authorities to trace, particularly when conducted using VoIP. Furthermore, like many legitimate customer services, vishing scams are often outsourced to other countries, which may render sovereign law enforcement powerless.
Consumers can protect themselves by suspecting any unsolicited message that suggests they are targets of illegal activity, no matter what the medium or apparent source. Rather than calling a number given in any unsolicited message, a consumer should directly call the institution named, using a number that is known to be valid, to verify all recent activity and to ensure that the account information has not been tampered with.