Home » Vishing (Voice Phishing): The Growing Threat and How to Protect Yourself
By Cian Fitzpatrick | 3rd July 2024
âYour internet access is about to be cut.â
âYouâve just authorised a payment to Amazon for âŹ1327.62, would you like to go ahead with that?â
âYour bank account has been compromised, but Iâm from your bankâs customer service and I can help you.â
âYour computer has been hacked and someone is stealing all your data right now, but Iâm from Microsoft Tech Support and Iâm here to help you.â
âYouâve just won the EuroMillions Lottery! Iâll just get some information from you and then weâll transfer the funds to your account.âÂ
And so the list goes on.
Welcome to the vishing world of scams. These scams are nothing new, but theyâre on the increase, and becoming ever more sophisticated. Is the success rate of email scams going down as people become more savvy? Unlikely. Itâs just a different avenue of attack with improved technology. Email allows us time to listen to our gut, to reread, to think, to get a second opinion. Â
A phone-call poses a dynamic environment. It requires your immediate response, and can present a sense of urgency. In the heat of the moment, youâre under pressure and you engage. This is the required opening to start the conversation and the manipulation process. The psychological tactics of social engineering seem to be growing in the cybercrime world. Scammers exploit universal human traits of greed, trust, fear, compassion, all wrapped in urgency, but the calm voice on the line is supportive and weâre relieved that help is on hand. This particular flavour of cybercrime is called âVishingâ, from voice+phishing, where a scammer uses the phone or voicemail to engage you. The development of AI technology has opened myriad possibilities to criminals as it allows a known and trusted voice to be impersonated, using just a short clip of the original voice. Add to that, caller ID spoofing, where the callerâs number can be falsified to a number, or name, that looks legitimate.Â
A quick Google search reveals that free voice cloning software is available, and there are reports of people receiving voicemails or voice notes from friends or family supposedly in distress, and in urgent need of money (always). Theyâve lost their phone, hence the message from a different number (obviously).
These scams donât merely affect the old or the gullible. Hereâs the story of a New York Times financial reporter who was scammed of $50 000 through vishing, earlier this year. As far back as 2019, a deepfake attack on the CEO of a UK energy provider resulted in $243 000 transfer to a supposed supplier. The voice of his boss had been mimicked using advanced deepfake technology, requesting that the funds be transferred to a supplier. It wasnât a supplier.Â
In 2021, almost 60 million Americans fell victim to vishing, facing identity theft, and financial loss to the tune of $29.8bn. This figure increased to $39.5bn in 2022, and an additional 9 million victims.
Vishing attacks on organisations are largely for the purposes of procuring data. Personal and financial data is pure gold these days. This triggers identity theft and financial fraud. Scammers may also be looking for login information to corporate systems to infiltrate networks and steal data, install malware or ransomware, compromise systems and networks, and generally cause chaos.Â
On individuals, successful vishing attacks will lead to some sort of financial gain. Itâs a fairly easy route into someoneâs life through the anonymity of a phone, and itâs fairly easy to create engagement and dynamic interaction, all ideal for psychological manipulation.
Scammers maximise their hit rate by using auto-diallers with a pre-recorded message which outlines the urgent and fear-inducing situation. It will ask you to hold on or press a key to speak to someone. This should alert you already. Hang up.Â
If youâre already engaged in a conversation and youâre being pressured to take action or make a decision, chances are, itâs a scam. If thereâs a sense of urgency and veiled threats that if you donât take action now, something bad will happen, chances are itâs a scam.Â
If you feel aggression in their tone, chances are itâs a scam. After all, youâve wasted the precious time of the scammer, who could have scammed someone else in the meantime.Â
If a call is from an authority of sorts, or a government body, be wary. If you get a message from a senior person at work asking for information, just pick up the phone and call their office to check. They will be grateful, rather than annoyed, if it wasnât them asking for that information.
Poor call quality, or background noise can also be a sign of a scammer in a fraudulent call-centre operation.Â
And remember, if something seems too good to be true, it probably is. If you never bought a EuroMillions ticket, you havenât won it. Â
Contact us for more details to keep your organisation safe. Weâd be delighted to help your team.