Vishing
Vishing (voice phishing or voice phishing) is an attack that uses voice calls and social engineering techniques. Attackers use a phone call to trick the victim into giving up personal or payment information or to get them to transfer money. Simply put, it is a hoax call.
•How do you defend against vishing?
How does vishing work?
Voice phishing attacks are usually carried out using automated text—to—speech systems that direct the victim to call a number controlled by the attacker. Sometimes, the attacks are carried out directly by a live caller. The attacker then tries to use psychological pressure to extort information from the victim to transfer money, most often personal details, login details (for online banking) or payment details (for example, credit card number and CVC/CVV code). All this usually ends with the transfer of money to the fraudster's account.
Thanks to the ability to use Machine learning (ML) to create synthetic voices, attacks in which fraudsters use ML—based tools to mimic in real time the voice of a high—ranking company official and convince employees to transfer money pose a major threat to companies.
Do you recognize vishing?
The following tips should make it easier for you to defend against vishing:
•A phone number that appears on your phone screen will look suspicious. For example, it may be short or contain a special area code. Unfortunately, scammers can use spoofing, where the attacker can spoof any number.
•Even more advanced and cautious users often fall for spoofing, relying on the previously secure verification of a contact via email or phone number.
•The criminal is non-specific: doesn't know your bank, mumbles a fake name and job title and gives general information to get private information from you.
•The call tries to create a sense of urgency. The attacker suggests that problems may occur if you do not act quickly.
•You can check suspicious numbers against publicly available mobile number databases or type them into Google to discover that they belong to scammers.
•The call puts you in the shoes of a rescuer. When you give the attacker information, you "save" your colleague, boss, or entire company.
How do you defend against vishing?
Most people believe they can spot a vishing scam.
However, it is easy to succumb to an urgent request for sensitive data when stressed. We usually only realize something is wrong when it is too late.
That is why we offer you a guide on recognizing vishing and not falling for fraudulent phone calls.
Safety rules
Beware of unsolicited phone calls. You should be especially wary if the caller claims to represent the Bank or company you work for or with whom you have recently been in contact.
There is a simple way to check if a phone number is fraudulent. Look in your cell phone's call log and copy or transcribe the number into your favorite search engine. Since each number is a unique string of digits, it can easily be found in publicly available databases that internet search engines regularly index. If the number is fraudulent, you will find the experiences of other users described in the online database. To be sure, check the number in several different databases.
How do you verify a phone number?
•End the call and tell the other party you will call back later.
•Look up the phone number of the institution the caller claims to be from a trusted source and call them directly. Notify them of the fraudulent call. Also, give the number of the attacker to the Czech Police. Never call back the number of the attacker. You can balso block the number on your phone.
If you use ESET Mobile Security, use the Call Filter feature. The Call Filter blocks incoming and outgoing calls depending on your set rules. If you block an incoming call from a fraudulent number, the attacker will no longer reach you. To block a call from the last number you received, tap Block Last Caller in the app. If you are on Android or iOS, you can easily block a number directly from the default calling app. Go to the number detail and select block caller or blacklist from the options.
How to block a fraudulent number on a mobile phone?
•Scammers can get your basic personal information online (for example, on social media). Don't assume a caller is trustworthy just because they know your name or have some of your personal information.
•Never share your online banking password, credit card number, PIN, CVC/CVV code or other sensitive personal information with anyone. The bank will never ask you for this information.
•Never transfer money from your bank account to another account at the request of an unverified person. The Bank will never ask you to make such a transfer.
•Report any suspicious call from your bank through an official helpline.
Your bank will never ask you for your bank details or other sensitive information over the phone or in an email.