Vishing (Voice Phishing): The Growing Threat and How to Protect Yourself
By Cian Fitzpatrick | 3rd July 2024
“Your internet access is about to be cut.”
“You’ve just authorised a payment to Amazon for €1327.62, would you like to go ahead with that?”
“Your bank account has been compromised, but I’m from your bank’s customer service and I can help you.”
“Your computer has been hacked and someone is stealing all your data right now, but I’m from Microsoft Tech Support and I’m here to help you.”
“You’ve just won the EuroMillions Lottery! I’ll just get some information from you and then we’ll transfer the funds to your account.”
And so the list goes on.
Welcome to the vishing world of scams. These scams are nothing new, but they’re on the increase, and becoming ever more sophisticated. Is the success rate of email scams going down as people become more savvy? Unlikely. It’s just a different avenue of attack with improved technology. Email allows us time to listen to our gut, to reread, to think, to get a second opinion.
A phone call is a dynamic environment. It requires your immediate response, and can present a sense of urgency. In the heat of the moment, you’re under pressure and you engage. This is the opening the scammer needs to start the conversation and the manipulation process. The psychological tactics of social engineering seem to be growing in the cybercrime world. Scammers exploit universal human traits of greed, trust, fear and compassion, all wrapped in urgency, but the calm voice on the line is supportive and we’re relieved that help is on hand.
This particular flavour of cybercrime is called ‘Vishing’, from voice+phishing, where a scammer uses the phone or voicemail to engage you. The development of AI technology has opened myriad possibilities to criminals, as it allows a known and trusted voice to be impersonated using just a short clip of the original voice. Add to that caller ID spoofing, where the caller’s number can be falsified to a number, or name, that looks legitimate.
A quick Google search reveals that free voice cloning software is available, and there are reports of people receiving voicemails or voice notes from friends or family supposedly in distress, and in urgent need of money (always). They’ve lost their phone, hence the message from a different number (obviously).
These scams don’t merely affect the old or the gullible. Here’s the story of a New York Times financial reporter who was scammed out of $50 000 through vishing, earlier this year. As far back as 2019, a deepfake attack on the CEO of a UK energy provider resulted in a $243 000 transfer to a supposed supplier. The voice of his boss had been mimicked using advanced deepfake technology, requesting that the funds be transferred to a supplier. It wasn’t a supplier.
In 2021, almost 60 million Americans fell victim to vishing, facing identity theft and financial loss to the tune of $29.8bn. This figure increased to $39.5bn in 2022, with an additional 9 million victims.
Vishing attacks on organisations are largely for the purposes of procuring data. Personal and financial data is pure gold these days. This triggers identity theft and financial fraud. Scammers may also be looking for login information to corporate systems to infiltrate networks and steal data, install malware or ransomware, compromise systems and networks, and generally cause chaos.
On individuals, successful vishing attacks will lead to some sort of financial gain. It’s a fairly easy route into someone’s life through the anonymity of a phone, and it’s fairly easy to create engagement and dynamic interaction, all ideal for psychological manipulation.
Scammers maximise their hit rate by using auto-diallers with a pre-recorded message which outlines the urgent and fear-inducing situation. It will ask you to hold on or press a key to speak to someone. This should alert you already. Hang up.
If you’re already engaged in a conversation and you’re being pressured to take action or make a decision, chances are, it’s a scam. If there’s a sense of urgency and veiled threats that if you don’t take action now, something bad will happen, chances are it’s a scam.
If you feel aggression in their tone, chances are it’s a scam. After all, you’ve wasted the precious time of the scammer, who could have scammed someone else in the meantime.
If a call is from an authority of sorts, or a government body, be wary. If you get a message from a senior person at work asking for information, just pick up the phone and call their office to check. They will be grateful, rather than annoyed, if it wasn’t them asking for that information.
Poor call quality, or background noise can also be a sign of a scammer in a fraudulent call-centre operation.
And remember, if something seems too good to be true, it probably is. If you never bought a EuroMillions ticket, you haven’t won it.
Contact us for more details to keep your organisation safe. We’d be delighted to help your team.