Vishing is phishing’s mobile counterpart. It is defined as the act of using the telephone in an attempt to scam the client for the surrender of private information to be used for identity theft. The scammer typically pretends to be a legitimate business and tricks the victim into believing he or she is going to profit. 143 million people were affected by the Equifax hack alone.
Anatomy of vishing step by step
Following steps are involved in execution of a vishing attack.
- Finding the Target
- Tricking the Target
- Using the Stolen Information
Types of Vishing
This is when the visher uses an automated system with a message concerning local or regional banks or credit unions to dial different area codes. Once someone responds to the phone, a generic or targeted recording starts asking the listener to enter bank account, credit or debit card numbers along with PIN codes.
Voice over Internet Protocol, or VoIP, is an Internet-based phone system that can make vishing simpler by allowing multiple tandem technologies to operate. Vishers are known to use VoIP to make calls and to use VoIP-connected servers.
Caller ID Spoofing
This is the method of causing the phone network to show a false number on the recipient’s caller ID. Several companies are offering software to enable caller ID spoofing. VoIP has known vulnerabilities that require caller ID spoofing. Such devices are usually used to fill a caller ID with a particular bank or credit union, or simply with the words “Bank” or “Credit Union.”
Simply dig through the dumpster of a bank and save any lists of customer phone numbers is one time and tested “hack.” Once the viewer has the list, for a more targeted attack, he can program the numbers into his system.
Below are ways you can prevent yourself from falling victim of a vishing attack.
- Never call the number given to you or displayed on your Caller ID.
- Never share any personal information.
- Never respond to an unknown number call.
- Don’t completely trust caller ID.