Vishing on the Rise

Linkedin_20200724_vishing blog

No that is not a typo. Phone phishing, or vishing, is the criminal practice of using the telephone system to gain access to personal and financial information for the purpose of committing fraud. Vcpi has noticed an uptick in vishing over the past several months. According to the Centers for Disease Control (CDC), “Malicious cyber criminals are attempting to leverage interest and activity in COVID-19 to launch coronavirus-themed campaigns.”

Vishing exploits an individual’s trust in telephone services, as the victim is often unaware that fraudsters can use technology enabled methods such as caller ID spoofing and complex automated systems to commit this type of scam. Fraudsters have turned to vishing in an attempt to steal user’s financial account numbers, passwords, and other personal data.

To protect yourself from falling victim to these scams, be wary of answering phone calls from numbers you do not recognize.

  1. Verify unexpected phone requests in ways that aren’t connected to the incoming phone call. For example, use an official directory and another phone to call the company’s main office and ask to speak with the caller who is making the request.
  2. Be very suspicious of any caller who asks you to share login information over the phone.
  3. If a caller asks you to provide account data or personally identifiable information, refuse to do so — and report the contact to your service desk.

Vcpi will never call you to request that you change logins, passwords, or network settings. Any caller who makes this type of request is probably a scammer. Refuse the request and notify your service desk.

Keep these tips in mind the next time the phone rings.

  • Be aware – Knowing how these thieves operate can help you from getting scammed. Always remember that a legitimate business doesn’t make unsolicited requests for personal, sensitive, or financial information. Anyone who does this over the phone is probably trying to scam you.
  • Look at the caller ID – Some scammers are using numbers that don’t exist, such as 1-800-123-112234
  • Don’t five in to pressure – If someone tries to coerce you into giving them sensitive information, hang up.
  • Don’t answer phone calls from unknown numbers – It is tempting to answer calls from unknown numbers. You might think, ‘What if it’s an emergency and someone needs me?’ Be aware that anyone who’s calling you with a real emergency will leave a message.
  • Stay calm and don’t panic – Since these criminals frequently play on your emotions keep a cool head, give them zero information, and hang up the phone.
  • Call them back – Since it is someone you have a business relationship with, call them back at the number you usually use to verify it is them.
  • Be skeptical at all times – Even if your Caller ID gives the name of a bank, charity, or some other company or organization, it could be a trick.

Mark Schafer CISSP, CISM

Chief Information Security Officer