Exactly What You Should Know About Vishing

Have you heard of vishing?  Think of it this way:  voice + phishing = vishing.

Simply put, vishing is a phishing attack carried out by phone in an attempt to obtain your credit card, financial or other personal data.  It’s just another opportunity for the bad guys to trick you into giving up personal information.  Unfortunately, this type of attack has increased substantially due to the number of people who are currently working from home.

How Vishing Works

A simple example – you receive a call from someone purporting to be a customer service representative from your credit card company.  The caller is informing you that your account has been compromised, and they are calling to follow up with you.  You may be busy or caught off guard so you think it’s a legitimate call.  You answer their questions and give up your information.  The rest, as they say, is history.

Anyone anywhere can receive a vishing call. My elderly father-in-law happened to receive one of these calls last month about his credit card.  Thankfully, he abruptly hung up on the caller and then called to let us know what happened.  We assured him he did the right thing by not answering any of their questions.

Vishing attempts can appear to come from banks, law enforcement and other government entities (remember, the IRS will not be calling you), and they include scams involving tech support.  By using internet phone services (VoIP), the scammers can spoof caller ID numbers to make them look legitimate.

The best practice: if you do not recognize a phone number, let the call go to voicemail and do not call that phone number back.  If you have a concern about an alleged call that came from your bank or your credit card company, call the institution(s) directly and inquire.

To Avoid Vishing Tricks

  • Bookmark the correct web address for companies you work with frequently (banks, insurance, etc.) and do not visit alternative URLs on the sole basis of an inbound phone call.
  • Be suspicious of unsolicited phone calls, visits, or email messages from unknown individuals claiming to be from a legitimate organization. Do not provide personal information or information about your organization, including its structure or networks, unless you are certain of a person’s authority to have the information. If possible, try to verify the caller’s identity directly with the company.
  • Limit the amount of personal information you post on social networking sites. The internet is a public resource; only post information you are comfortable with anyone seeing.

Unfortunately, in these perplexing times, we need to be aware and alert to all attempts from the “bad guys” to access information.  CRU Solutions can help teach your team to be safer.  Contact us!