Vishing (Voice Phishing): The Growing Threat and How to Protect Yourself

By Cian Fitzpatrick | 3rd July 2024

“Your internet access is about to be cut.”
“You’ve just authorised a payment to Amazon for 1327.62, would you like to go ahead with that?”
“Your bank account has been compromised, but I’m from your bank’s customer service and I can help you.”
“Your computer has been hacked and someone is stealing all your data right now, but I’m from Microsoft Tech Support and I’m here to help you.”
“You’ve just won the EuroMillions Lottery! I’ll just get some information from you and then we’ll transfer the funds to your account.” 

And so the list goes on.

Welcome to the vishing world of scams. These scams are nothing new, but they’re on the increase, and becoming ever more sophisticated. Is the success rate of email scams going down as people become more savvy? Unlikely. It’s just a different avenue of attack with improved technology. Email allows us time to listen to our gut, to reread, to think, to get a second opinion.  

A phone call is a dynamic environment. It demands an immediate response and can create a sense of urgency. In the heat of the moment you’re under pressure, and you engage. That engagement is the opening the scammer needs to start the conversation and the manipulation process. The psychological tactics of social engineering seem to be growing in the cybercrime world. Scammers exploit the universal human traits of greed, trust, fear and compassion, all wrapped in urgency, but the calm voice on the line is supportive and we’re relieved that help is on hand.

This particular flavour of cybercrime is called ‘vishing’, from voice + phishing, where a scammer uses the phone or voicemail to engage you. The development of AI technology has opened myriad possibilities to criminals, as it allows a known and trusted voice to be impersonated using just a short clip of the original voice. Add to that caller ID spoofing, where the caller’s number can be falsified to a number, or name, that looks legitimate.

The danger that lurks...

A quick Google search reveals that free voice cloning software is available, and there are reports of people receiving voicemails or voice notes from friends or family supposedly in distress, and in urgent need of money (always). They’ve lost their phone, hence the message from a different number (obviously).

These scams don’t merely affect the old or the gullible. Here’s the story of a New York Times financial reporter who was scammed out of $50 000 through vishing earlier this year. As far back as 2019, a deepfake attack on the CEO of a UK energy provider resulted in a $243 000 transfer to a supposed supplier. The voice of his boss had been mimicked using advanced deepfake technology, requesting that the funds be transferred to a supplier. It wasn’t a supplier.

In 2021, almost 60 million Americans fell victim to vishing, facing identity theft and financial loss to the tune of $29.8bn. This figure increased to $39.5bn in 2022, with an additional 9 million victims.

What are they vishing for?

Vishing attacks on organisations are largely for the purposes of procuring data. Personal and financial data is pure gold these days, and once stolen it is used for identity theft and financial fraud. Scammers may also be looking for login information to corporate systems so that they can infiltrate networks and steal data, install malware or ransomware, compromise systems and networks, and generally cause chaos.

Against individuals, successful vishing attacks lead to some sort of financial gain for the scammer. The anonymity of a phone makes it a fairly easy route into someone’s life, and it’s fairly easy to create engagement and dynamic interaction, all ideal for psychological manipulation.

7 ways to protect yourself against vishing scams:

  1. Don’t ever share personal details. If the caller says they’re just confirming details, ask them to do the confirming. If they’re a legitimate organisation with whom you do business, they will have your details on file. Financial institutions will never ask for personal details. Never share login details or passwords with a stranger on the phone.
  2. If you’re feeling at all suspicious about the caller, hang up. Look up the organisation’s number, and call it yourself. If it wasn’t them who called you, report the incident.
  3. Don’t answer unsolicited calls from unknown numbers. 
  4. Never return calls to numbers you don’t know, particularly if they have not left a message. Scammers often use an auto-dialler which hangs up after one ring. The caller ID might be a premium rate number, and if you ring back, the recorded message will tell you to hold for an urgent call. You will be charged a premium per-minute rate and these rates can be exorbitant.  
  5. Emails, text, or social media messages from strangers asking for your phone number might be the first step in a vishing scam. 
  6. Agree on a password with friends and family in case of a distress situation where you might indeed be using someone else’s phone.

Vishing red flags.

Scammers maximise their hit rate by using auto-diallers with a pre-recorded message which outlines the urgent and fear-inducing situation. It will ask you to hold on or press a key to speak to someone. This should alert you already. Hang up. 

If you’re already engaged in a conversation and you’re being pressured to take action or make a decision, chances are, it’s a scam. If there’s a sense of urgency and veiled threats that if you don’t take action now, something bad will happen, chances are it’s a scam. 

If you feel aggression in their tone, chances are it’s a scam. After all, you’ve wasted the precious time of the scammer, who could have scammed someone else in the meantime. 

If a call is from an authority of sorts, or a government body, be wary. If you get a message from a senior person at work asking for information, just pick up the phone and call their office to check. They will be grateful, rather than annoyed, if it wasn’t them asking for that information.

Poor call quality or background noise can also be a sign of a scammer in a fraudulent call-centre operation.

And remember, if something seems too good to be true, it probably is. If you never bought a EuroMillions ticket, you haven’t won it.  
