Close Menu
TechCentralTechCentral

    Subscribe to the newsletter

    Get the best South African technology news and analysis delivered to your e-mail inbox every morning.

    Facebook X (Twitter) YouTube LinkedIn
    WhatsApp Facebook X (Twitter) LinkedIn YouTube
    TechCentralTechCentral
    • News

      Public money, private plans: MPs demand Post Office transparency

      13 June 2025

      Coal to cash: South Africa gets major boost for energy shift

      13 June 2025

      China is behind in AI chips – but for how much longer?

      13 June 2025

      Singapore soared – why can’t we? Lessons South Africa refuses to learn

      13 June 2025

      10 red flags for Apple investors

      13 June 2025
    • World

      Yahoo tries to make its mail service relevant again

      13 June 2025

      Qualcomm shows off new chip for AI smart glasses

      11 June 2025

      Trump tariffs to dim 2025 smartphone shipments

      4 June 2025

      Shrimp Jesus and the AI ad invasion

      4 June 2025

      Apple slams EU rules as ‘flawed and costly’ in major legal pushback

      2 June 2025
    • In-depth

      Grok promised bias-free chat. Then came the edits

      2 June 2025

      Digital fortress: We go inside JB5, Teraco’s giant new AI-ready data centre

      30 May 2025

      Sam Altman and Jony Ive’s big bet to out-Apple Apple

      22 May 2025

      South Africa unveils big state digital reform programme

      12 May 2025

      Is this the end of Google Search as we know it?

      12 May 2025
    • TCS

      TechCentral Nexus S0E1: Starlink, BEE and a new leader at Vodacom

      8 June 2025

      TCS+ | The future of mobile money, with MTN’s Kagiso Mothibi

      6 June 2025

      TCS+ | AI is more than hype: Workday execs unpack real human impact

      4 June 2025

      TCS | Sentiv, and the story behind the buyout of Altron Nexus

      3 June 2025

      TCS | Signal restored: Unpacking the Blue Label and Cell C turnaround

      28 May 2025
    • Opinion

      Beyond the box: why IT distribution depends on real partnerships

      2 June 2025

      South Africa’s next crisis? Being offline in an AI-driven world

      2 June 2025

      Digital giants boost South African news media – and get blamed for it

      29 May 2025

      Solar panic? The truth about SSEG, fines and municipal rules

      14 April 2025

      Data protection must be crypto industry’s top priority

      9 April 2025
    • Company Hubs
      • Africa Data Centres
      • AfriGIS
      • Altron Digital Business
      • Altron Document Solutions
      • Altron Group
      • Arctic Wolf
      • AvertITD
      • Braintree
      • CallMiner
      • CYBER1 Solutions
      • Digicloud Africa
      • Digimune
      • Domains.co.za
      • ESET
      • Euphoria Telecom
      • Incredible Business
      • iONLINE
      • Iris Network Systems
      • LSD Open
      • NEC XON
      • Network Platforms
      • Next DLP
      • Ovations
      • Paracon
      • Paratus
      • Q-KON
      • SkyWire
      • Solid8 Technologies
      • Telit Cinterion
      • Tenable
      • Vertiv
      • Videri Digital
      • Wipro
      • Workday
    • Sections
      • AI and machine learning
      • Banking
      • Broadcasting and Media
      • Cloud services
      • Contact centres and CX
      • Cryptocurrencies
      • Education and skills
      • Electronics and hardware
      • Energy and sustainability
      • Enterprise software
      • Fintech
      • Information security
      • Internet and connectivity
      • Internet of Things
      • Investment
      • IT services
      • Lifestyle
      • Motoring
      • Public sector
      • Retail and e-commerce
      • Science
      • SMEs and start-ups
      • Social media
      • Talent and leadership
      • Telecoms
    • Events
    • Advertise
    TechCentralTechCentral
    Home » Company News » Vishing: What is it and how do I avoid getting scammed?

    Vishing: What is it and how do I avoid getting scammed?

    By ESET14 June 2021
    Twitter LinkedIn Facebook WhatsApp Email Telegram Copy Link
    News Alerts
    WhatsApp

    We’ve all heard of phishing, the tried-and-tested e-mail scam that spoofs authoritative sources to trick recipients into handing over sensitive information or downloading malware. Well, vishing is its voice call equivalent. It’s a con trick with many variants that can impact individuals and organisations alike — with potentially devastating consequences.

    Together phishing, smishing, pharming and vishing cost more than 241 000 victims more than US$54-million in 2020. And that’s just the cases that were reported to the FBI, as many cases of fraud go unreported.

    So how do vishing scams work, how do they impact businesses and individuals, and how can you protect yourself from them?

    The problem with social engineering

    Vishing works across the consumer and business sphere for one good reason: human fallibility. Social engineering lies at the heart of the bad guys’ efforts. It is, in effect, the art of persuasion. Social engineering is about impersonating a trusted authority — your bank, technology provider, the government, an IT helpdesk worker — and creating a sense of urgency or fear that overrides any natural caution or suspicion the victim may have.

    Would you take the bait? Take our phishing quiz to find out

    These techniques are used in phishing e-mails and fake text messages (known as smishing). But perhaps they’re most effective when used “live” over the phone. Vishers have several additional tools and tactics to make their scams more successful, including:

    • Caller ID spoofing tools, which can be used to hide the scammer’s real location and even impersonate the phone numbers of trusted organisations. Last year, for example, clients of the Ritz London hotel had their personal details stolen during a breach at the luxury hotel and the scammers then used the data to mount convincing social engineering attacks against the victims, spoofing the hotel’s official number in the process.
    • Multi-channel scams that might start with a smishing text message, a phishing e-mail or a voicemail and encourage the user to call a number. Doing so will put the victim through directly to a scammer.
    • Social media scraping and open-source research, which can provide the scammer with a wealth of information on their victims. It can be used to target specific individuals (say, corporate employees with privileged accounts) and to add legitimacy to the scam – the visher may repeat back some personal details to the victim so that they might divulge more.

    The impact of vishing in the workplace

    Vishing is most likely in corporate context to be used to steal privileged credentials. The FBI has warned multiple times of such attacks. Back in August 2020, it detailed a sophisticated operation in which cybercriminals researched their targets and then called pretending to be from the IT helpdesk. Victims were encouraged to fill in their login details at a previously registered phishing site designed to spoof the company’s VPN login page. These credentials were then used to access company databases for customers’ personal information.

    Such attacks are more commonplace partly thanks to the mass shift to remote working during the pandemic, the FBI warned. In fact, it was forced to issue another alert in January 2021 for an operation in which similar techniques were used to gain corporate network access.

    A now-infamous breach at Twitter, in which highly targeted employees were tricked by vishers into revealing their logins, illustrates that even tech-savvy companies and users can fall victim. In this case, access was used to hijack the accounts of celebrity users to distribute a cryptocurrency scam.

    How voice phishing can hit my family

    Unfortunately, vishing scammers are also out in force to target consumers. In these attacks, the ultimate goal is to make money from you either by stealing bank account or card information directly or tricking you into handing over personal information and logins they can use to access these accounts.

    Here are a few typical scams:

    Tech support scams
    In tech support fraud, victims are often cold-called by someone pretending to be their Internet service provider, or a well-known software or hardware vendor. They’ll claim to have found a non-existent problem with your PC and then elicit payment (and your card details) to fix it, sometimes downloading malware in the process. These scams may also begin with a user presented with a pop-up window that urges them to call a hotline number.

    Wardialling
    This is the practice of sending automated voicemail messages to large numbers of victims, and usually tries to scare them into calling back — for example, by claiming they have tax bills or other fines unpaid.

    Telemarketing
    Another popular tactic is to call up claiming the recipient has won a fabulous prize. The only catch is that there’s an upfront fee required before the victim can receive their prize.

    Phishing/smishing
    As mentioned, scams can begin with a spoofed e-mail or fake SMS, encouraging the user to call a number. A popular one is an “Amazon” e-mail claiming something is wrong with a recent order. Calling the number will put the victim on the line with a vishing fraudster.

    How to prevent vishing

    Although some of these scams are becoming increasingly sophisticated, there’s plenty you can do to mitigate the risk of falling victim. Some basic steps include:

    • Go ex-directory, so your number is not publicly available;
    • Do not enter your phone number into any online forms (like when buying online);
    • Be wary of requests for your bank, personal or any other sensitive information over the phone;
    • Exercise caution — don’t engage with any unsolicited callers, especially if they ask to confirm sensitive details;
    • Never call back a number left via voicemail. Always contact the organisation directly;
    • Use multi-factor authentication on all online accounts; and
    • Ensure your e-mail/Web security is updated and includes anti-phishing capabilities.

    This promoted content was paid for by the party concerned



    ESET pharming phishing smishing vishing
    Subscribe to TechCentral Subscribe to TechCentral
    Share. Facebook Twitter LinkedIn WhatsApp Telegram Email Copy Link
    Previous ArticleSmart SUSE Linux Enterprise Server shifts the compatibility goalposts
    Next Article R385-million bid wins rocket trip to space with Jeff Bezos

    Related Posts

    TCS+ | From gen AI to deepfakes – the latest infosec threats

    1 October 2024

    TCS+ | ESET’s Adrian Stanford: how AI will transform cybersecurity

    10 June 2024

    AI’s double-edged sword requires a human security approach

    4 June 2024
    Company News

    Huawei Watch Fit 4 Series: smarter sensors, sharper design, stronger performance

    13 June 2025

    Change Logic and BankservAfrica set new benchmark with PayShap roll-out

    13 June 2025

    SAPHILA 2025 – transcending with purpose, connection and AI-powered vision

    13 June 2025
    Opinion

    Beyond the box: why IT distribution depends on real partnerships

    2 June 2025

    South Africa’s next crisis? Being offline in an AI-driven world

    2 June 2025

    Digital giants boost South African news media – and get blamed for it

    29 May 2025

    Subscribe to Updates

    Get the best South African technology news and analysis delivered to your e-mail inbox every morning.

    © 2009 - 2025 NewsCentral Media

    Type above and press Enter to search. Press Esc to cancel.