cybersecurity education, risk mitigation, corporate counterintelligence, and awareness training from retired fbi agents at arruda group

What is Vishing

Nowadays, it seems like everyone wants a piece of you, doesn’t it? Hopefully, it’s because business is booming, but it’s not just customers who are after you. Cybercriminals, both foreign and domestic, want what you have. Data sales, financial fraud, ransomware, and more are very lucrative lines of work. The reality of cybercrime has led some organizations to avoid the internet as much as possible. Sure, isolation is a valid security policy. Unfortunately, criminals know nearly every building has more than one entrance… And the same is true for your network and valuable data.

Do you know if you’re ready to deal with a scammer the next time your phone rings?

What are Phone Scams?

Thanks to internet media exposure, you might be familiar with the “Indian phone scam.” Often originating in India, call centers will try to connect with private citizens to receive money. This scam works by having an auto dialer call a phone number. If the person connects to the call center, they speak with a criminal posing as a legitimate authority figure.

Often they pretend to be with the IRS, Microsoft, or other large organizations. Then, after claiming the victim has made an error, the scammer demands payment of thousands of dollars in gift cards. You might wonder how anybody could fall for something like that… But these scams cost Americans nearly $30 billion in 2020.

They aren’t the only form of phone scam, either. Even if you and your employees know better than to send gift cards over the phone, have you heard of “vishing?”

What is Vishing?

Vishing is a form of phishing that takes place over a voice call. We’ve talked about phishing on our website plenty of times, and this is another form of it. Voice phishing – Vishing is using fraudulent phone calls to get money or sensitive information. Like the phone scams above, this is a form of social engineering attack that relies on your employees’ trusting nature. Phone scams are nothing new; they’ve been going on for decades… But the beast has changed.

Vishing attacks may be a part of a larger coordinated attack. For example, if your network suffers from a distributed denial of service (DDOS) attack, your employees may expect updates. Attackers may call and pretend to be network administrators, and ask for passwords to your network to “test connectivity.” How many of your employees would fall for something that believable? The number might shock you.

How to Defend Against Vishing

Callers will always pretend to be somebody else. Be careful if you receive a phone call from a group you do business with. Once they start asking you questions, such as credentials or personnel info, hang up immediately. Contact the group through your usual channels and ask about the call. If the call was fraudulent, report it.

You should also know that nobody, under any circumstance, will ever ask for a password and account name over the phone. Don’t trust your caller ID, either. It’s relatively easy to “spoof” a phone number to appear as somebody else. If it’s happened to government phone numbers, it can happen to a vendor.

As is usually the case, this problem requires training and awareness. Suppose senior members of your organization are the only ones with this knowledge; it doesn’t do much. Most criminals won’t go for executive positions. They’ll go after your employees. Don’t let them be vulnerable to attack.

Contact Arruda Group to set up a training program to identify who needs the most training and ensure they get it. As these attacks increase in frequency, you can’t be caught unaware.