What is a Vishing Attack and How to Avoid It?
Table of Contents
- By David Lukic
- Published: Jan 27, 2022
- Last Updated: Mar 18, 2022
Hackers and scammers are crafty; they're always coming up with new ways of tricking people into divulging personal information. They will use any possible way to get to potential victims, including through snail mail, email (phishing), or SMS (smishing). Vishing is another tactic that attempts to get personal information through phone calls (the word is derived from V for voice, plus "fishing").
These scams target millions of people a year, and many fall victim due to the urgent nature of the messages. Phishing and smishing scams most often trap young people who rely heavily on their mobile devices and trust the information that comes through them. The FBI says that almost 7 million new web pages were created in 2020 to enable phishing attacks. These spoof the websites of legitimate banks or businesses to trap their victims into giving up essential information. More than 67 percent of those who mindlessly click on a link provided in a phishing email end up providing the scammers with personal information.
Who are Vishing Victims?
Older people are more likely to be targets of vishing through live calls or voice mail messages as landline phone numbers are easier to find than cell phone numbers. Scammers who target older people via telephone calls have had success pretending to be from government agencies, according to the Federal Trade Commission. Saying they're from the Social Security Administration, scammers claim the victim's account is "locked," and personal information such as a Social Security number is needed immediately. At other times the callers pretend to be from the police, looking for immediate bail money for a family member.
What are Vishing Tactics?
Beware that these scammers may also use the Covid-19 virus and contact tracing as a ruse to get your personal information. For instance, they may say that someone who is infected reported that they had contact with you. Then they will likely ask for your birthdate, address, and perhaps a credit card number to send you an at-home test.
Vishing is one of the many ways that a person with malicious intent may try to get:
• A bank or credit card account number.
• A PIN.
• A password.
• Your birthdate, social security number, or other personal information.
• An answer to a security question on your account.
How Vishing Attacks Work
Vishing attacks are done by scammers using computer programs that dial dozens of phone number combinations simultaneously, hoping to get someone to answer. Once the call is answered, the scammer launches into an excited description of a dire event that requires immediate action. They might pretend to be a police officer in possession of a lost or stolen credit card or a bank officer who needs to confirm the victim's account was not hacked.
The common characteristics of these phone calls include:
- Pretending to be from an official agency (such as the police), a business, or a bank
- A sense of urgency
- A need for immediate information or answers.
The technology used by vishing attacks often hides the phone number where the call is originating. The victim's caller ID may show "restricted" or "out of area." More sophisticated attackers may be able to spoof their number so that the call appears to be coming from a town near the victim, perhaps the city where the bank or credit card company is located.
Once a scammer gets personal information from a victim, they may hack the victim's account directly. People often have two-factor authentication enabled on accounts, making direct attacks more difficult. If that's the case, the hacker may only sell the victim's personal information on the dark web, where another person may collect and compile this data until there's enough to hack an account.
How to Avoid Vishing Attacks
There are various ways to reduce the likelihood of being a vishing victim. One is always to be skeptical of any phone call you did not initiate about an account. In addition, consider these steps:
- Register your landline phone for the Do Not Call Registry to reduce the number of scam calls you receive. If fewer calls are coming in, the chance that you will be a victim is reduced. Use a blocker that prevents most spam calls from getting through—these range from hardwired devices that filter phone calls to NoMoRobo subscription services.
- Make it a hard-and-fast rule to provide no personal information over the phone to anyone who calls, regardless of how urgent the situation appears to be.
- Always put the phone down and look up the bank, school, or other institution that is allegedly contacting you. Call them back using a number you find on an official website or a statement you received in the mail.
- Remember that official communication from banks, the Social Security Administration, the Internal Revenue Service, and similar institutions are done by letters, not phone calls that seek immediate action. No official source ever tells a person they must pay a fine in gift cards to avoid arrest.
- Stop and think twice about answering requests from anyone who calls. Scammers are always changing their tunes and may say they are from a package delivery service but need to confirm your credit card number, or that you won a sweepstake but need to pay a small fee to release the cash winnings. They will lie about being from the police, a funeral home, a hospital, or anywhere that may convince their victims to reveal personal information.
- Don't answer the phone. If you answer the phone when a vishing attacker or spam caller is on the line, it confirms that your phone number is legitimate so that it will stay on their list of future calls. If you screen or ignore spam calls and let them go to voicemail, you are less likely to be targeted in the future.
- For added security, check your credit reports regularly (each person is entitled to one free credit report per year from each of the three major credit reporting agencies). This will tell you if anyone is fraudulently using your personal information or has opened an account in your name. In addition, you may put a freeze on your account to prevent another person from using your name or personal information to open a line of credit or take out a loan.