TechCentralTechCentral
    Facebook Twitter YouTube LinkedIn
    Facebook Twitter LinkedIn YouTube
    TechCentralTechCentral
    NEWSLETTER
    • News

      Willington Ngwepe to step down as Icasa CEO

      10 August 2022

      Samsung unveils its latest foldable smartphones

      10 August 2022

      Cape Town’s DataProphet expands funding to R165-million

      10 August 2022

      The tech proves it: South African women are better drivers than men

      10 August 2022

      BT, Seacom sign ‘strategic alliance’ for enterprise services

      10 August 2022
    • World

      Jumia says it’s past peak losses, shares jump

      10 August 2022

      Elon Musk sells $6.9-billion of Tesla to avoid Twitter fire sale

      10 August 2022

      Nvidia issues profit warning on slump in demand for graphics cards

      8 August 2022

      Buterin: Mining on Ethereum Classic won’t affect Merge

      8 August 2022

      Musk challenges Twitter CEO to a public debate

      7 August 2022
    • In-depth

      The length of Earth’s days has been increasing – and no one knows why

      7 August 2022

      As Facebook fades, the Mad Men of advertising stage a comeback

      2 August 2022

      Crypto breaks the rules. That’s the point

      27 July 2022

      E-mail scams are getting chillingly personal

      17 July 2022

      Webb telescope’s stunning images of the cosmos

      12 July 2022
    • Podcasts

      e4’s Adri Führi on encouraging more women into tech careers

      10 August 2022

      How South Africa can woo more women into tech

      4 August 2022

      Book and check-in via WhatsApp? FlySafair is on it

      28 July 2022

      Interview: Why Dell’s next-gen PowerEdge servers change the game

      28 July 2022

      Demystifying the complexity of AI – fact vs fiction

      6 July 2022
    • Opinion

      SIU seeks to set aside R215-million IT tender

      19 July 2022

      No reason South Africa should have a shortage of electricity: Ramaphosa

      11 July 2022

      Ntshavheni’s bias against the private sector

      8 July 2022

      South Africa can no longer rely on Eskom alone

      4 July 2022

      Has South Africa’s advertising industry lost its way?

      21 June 2022
    • Company Hubs
      • 1-grid
      • Altron Document Solutions
      • Amplitude
      • Atvance Intellect
      • Axiz
      • BOATech
      • CallMiner
      • Digital Generation
      • E4
      • ESET
      • Euphoria Telecom
      • IBM
      • Kyocera Document Solutions
      • Microsoft
      • Nutanix
      • One Trust
      • Pinnacle
      • Skybox Security
      • SkyWire
      • Tarsus on Demand
      • Videri Digital
      • Zendesk
    • Sections
      • Banking
      • Broadcasting and Media
      • Cloud computing
      • Consumer electronics
      • Cryptocurrencies
      • Education and skills
      • Energy
      • Fintech
      • Information security
      • Internet and connectivity
      • Internet of Things
      • Investment
      • IT services
      • Motoring and transport
      • Public sector
      • Science
      • Social media
      • Talent and leadership
      • Telecoms
    • Advertise
    TechCentralTechCentral
    Home»Sections»Information security»Vishing: What is it and how do I avoid getting scammed?

    Vishing: What is it and how do I avoid getting scammed?

    Information security By ESET14 June 2021
    Facebook Twitter LinkedIn WhatsApp Telegram Email

    We’ve all heard of phishing, the tried-and-tested e-mail scam that spoofs authoritative sources to trick recipients into handing over sensitive information or downloading malware. Well, vishing is its voice call equivalent. It’s a con trick with many variants that can impact individuals and organisations alike — with potentially devastating consequences.

    Together phishing, smishing, pharming and vishing cost more than 241 000 victims more than US$54-million in 2020. And that’s just the cases that were reported to the FBI, as many cases of fraud go unreported.

    So how do vishing scams work, how do they impact businesses and individuals, and how can you protect yourself from them?

    The problem with social engineering

    Vishing works across the consumer and business sphere for one good reason: human fallibility. Social engineering lies at the heart of the bad guys’ efforts. It is, in effect, the art of persuasion. Social engineering is about impersonating a trusted authority — your bank, technology provider, the government, an IT helpdesk worker — and creating a sense of urgency or fear that overrides any natural caution or suspicion the victim may have.

    Would you take the bait? Take our phishing quiz to find out

    These techniques are used in phishing e-mails and fake text messages (known as smishing). But perhaps they’re most effective when used “live” over the phone. Vishers have several additional tools and tactics to make their scams more successful, including:

    • Caller ID spoofing tools, which can be used to hide the scammer’s real location and even impersonate the phone numbers of trusted organisations. Last year, for example, clients of the Ritz London hotel had their personal details stolen during a breach at the luxury hotel and the scammers then used the data to mount convincing social engineering attacks against the victims, spoofing the hotel’s official number in the process.
    • Multi-channel scams that might start with a smishing text message, a phishing e-mail or a voicemail and encourage the user to call a number. Doing so will put the victim through directly to a scammer.
    • Social media scraping and open-source research, which can provide the scammer with a wealth of information on their victims. It can be used to target specific individuals (say, corporate employees with privileged accounts) and to add legitimacy to the scam – the visher may repeat back some personal details to the victim so that they might divulge more.

    The impact of vishing in the workplace

    Vishing is most likely in corporate context to be used to steal privileged credentials. The FBI has warned multiple times of such attacks. Back in August 2020, it detailed a sophisticated operation in which cybercriminals researched their targets and then called pretending to be from the IT helpdesk. Victims were encouraged to fill in their login details at a previously registered phishing site designed to spoof the company’s VPN login page. These credentials were then used to access company databases for customers’ personal information.

    Such attacks are more commonplace partly thanks to the mass shift to remote working during the pandemic, the FBI warned. In fact, it was forced to issue another alert in January 2021 for an operation in which similar techniques were used to gain corporate network access.

    A now-infamous breach at Twitter, in which highly targeted employees were tricked by vishers into revealing their logins, illustrates that even tech-savvy companies and users can fall victim. In this case, access was used to hijack the accounts of celebrity users to distribute a cryptocurrency scam.

    How voice phishing can hit my family

    Unfortunately, vishing scammers are also out in force to target consumers. In these attacks, the ultimate goal is to make money from you either by stealing bank account or card information directly or tricking you into handing over personal information and logins they can use to access these accounts.

    Here are a few typical scams:

    Tech support scams
    In tech support fraud, victims are often cold-called by someone pretending to be their Internet service provider, or a well-known software or hardware vendor. They’ll claim to have found a non-existent problem with your PC and then elicit payment (and your card details) to fix it, sometimes downloading malware in the process. These scams may also begin with a user presented with a pop-up window that urges them to call a hotline number.

    Wardialling
    This is the practice of sending automated voicemail messages to large numbers of victims, and usually tries to scare them into calling back — for example, by claiming they have tax bills or other fines unpaid.

    Telemarketing
    Another popular tactic is to call up claiming the recipient has won a fabulous prize. The only catch is that there’s an upfront fee required before the victim can receive their prize.

    Phishing/smishing
    As mentioned, scams can begin with a spoofed e-mail or fake SMS, encouraging the user to call a number. A popular one is an “Amazon” e-mail claiming something is wrong with a recent order. Calling the number will put the victim on the line with a vishing fraudster.

    How to prevent vishing

    Although some of these scams are becoming increasingly sophisticated, there’s plenty you can do to mitigate the risk of falling victim. Some basic steps include:

    • Go ex-directory, so your number is not publicly available;
    • Do not enter your phone number into any online forms (like when buying online);
    • Be wary of requests for your bank, personal or any other sensitive information over the phone;
    • Exercise caution — don’t engage with any unsolicited callers, especially if they ask to confirm sensitive details;
    • Never call back a number left via voicemail. Always contact the organisation directly;
    • Use multi-factor authentication on all online accounts; and
    • Ensure your e-mail/Web security is updated and includes anti-phishing capabilities.

    This promoted content was paid for by the party concerned

    ESET pharming phishing smishing vishing
    Share. Facebook Twitter LinkedIn WhatsApp Telegram Email
    Previous ArticleSmart SUSE Linux Enterprise Server shifts the compatibility goalposts
    Next Article R385-million bid wins rocket trip to space with Jeff Bezos

    Related Posts

    Willington Ngwepe to step down as Icasa CEO

    10 August 2022

    Samsung unveils its latest foldable smartphones

    10 August 2022

    Cape Town’s DataProphet expands funding to R165-million

    10 August 2022
    Add A Comment

    Comments are closed.

    Promoted

    How secure is your cloud?

    10 August 2022

    5 ways to make attack-path management more manageable

    10 August 2022

    Smart homes need even smarter Wi-Fi

    10 August 2022
    Opinion

    SIU seeks to set aside R215-million IT tender

    19 July 2022

    No reason South Africa should have a shortage of electricity: Ramaphosa

    11 July 2022

    Ntshavheni’s bias against the private sector

    8 July 2022

    Subscribe to Updates

    Get the best South African technology news and analysis delivered to your e-mail inbox every morning.

    © 2009 - 2022 NewsCentral Media

    Type above and press Enter to search. Press Esc to cancel.