If you read our blog, you might’ve recently read a piece we’ve published on smishing. Give it a read if you still haven’t. What you should know is that hackers are trying to scam regular people and institutions in any way they can. They phish over all channels imaginable. There’s spear phishing, angling, smishing, pharming, cloning and the focus of our article today – vishing. What is the meaning of vishing, how does it work, what are some examples of it and how do you protect yourself from it? In this article we’ll focus on all of these things!
Vishing (Voice Phishing) – 101 Overview
Better understanding the concept, goals and ideas of a vishing attack allows you to stay informed and protected from them. As all cybersecurity experts mention, the most effective measure against falling victim to a vishing attack is being aware of the risks and noticing the signs that could give them away. Statistics tell us that close to 33% of all Americans have fallen victim to a phone scam and due to this lose billions of dollars annually. So, let’s uncover what is vishing and some voice phishing examples.
What is Vishing?
Vishing is just a sub-category of phishing. And phishing is a commonly occurring cybercrime where malicious actors and attackers try to deceive people. By doing so they can
- Trick people into giving them login credentials or even money
- Gain access to people’s accounts
- Gain access to people’s devices
- Plant malware inside your device to steal personal data & money
- Install ransomware into an organization’s internal system and demand ransom
Vishing is a very popular form of phishing which is done over a voice call. Here’s an illustration of the most popular Tech support vishing scam.
How it Works? Anatomy of Voice Phishing Attacks
In the big picture, vishing can either be just the final step in a big phishing scheme or the foundation of the whole operation. To understand how it works, we don’t need to know a lot about technology. The scams are very simple most of the time. They tend to prey on the lack of awareness and/or knowledge from the victim.
Let’s look at tech support scams and use one common example.
- Hackers buy domains that look similar to those of sites frequently visited by seniors.
- Their goal is to get a domain that has a different extension (e.g. .org instead of .com) or a typo that is very hard to notice.
- When the user comes to the site, it can look very similar to the one it’s replicating.
- Suddenly, pop-ups or threats emerge on screen, informing that your PC is infected with viruses or that something went wrong.
- “Luckily” there’s a phone number you can call.
- Once you call it, a scammer answers and impersonates a tech support expert
- They will explain that you need to buy antivirus software, renew a license or do similar things. These would cost you anywhere from 50 to 1000 USD.
- In reality these support agents are just scamming you and your money will be transferred to their account.
- Nothing on your PC changes. It wasn’t even infected in the first place.
Also, since voice calls are considered a very trustworthy channel for communication, scammers exploit that. They usually target senior citizens who aren’t as aware of certain potential exploits.
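A defender-side check for the lookalike domains described in the steps above, as an added example that is not part of the original article: it compares a visited domain against a list of trusted sites and flags an extension swap or a one-character typo. The trusted list and all sample domains are constructed for illustration, and the code assumes plain name.tld domains without subdomains.

```python
# Added example: flag lookalike domains (extension swap or a small typo).
# TRUSTED and every sample domain are constructed for illustration.
TRUSTED = {"example-pharmacy.com", "seniornews.org"}


def split_domain(domain):
    """Split 'name.tld' into (name, tld). Assumes a single-label TLD;
    a production tool would use the Public Suffix List instead."""
    name, _, tld = domain.lower().rstrip(".").rpartition(".")
    return name, tld


def edit_distance(a, b):
    """Optimal string alignment distance: insertion, deletion,
    substitution and adjacent transposition each cost 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Swapped neighbours ("nwes" vs "news") count as one edit.
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def classify(domain, trusted=TRUSTED):
    """Return (verdict, trusted_domain_it_resembles_or_None)."""
    domain = domain.lower().rstrip(".")
    if domain in trusted:
        return "trusted", domain
    name, tld = split_domain(domain)
    for good in sorted(trusted):
        good_name, good_tld = split_domain(good)
        if name == good_name and tld != good_tld:
            return "tld-swap", good   # same name, different extension
        if edit_distance(name, good_name) == 1:
            return "typo", good       # one-character slip in the name
    return "unrelated", None
```

A verdict of "tld-swap" or "typo" is a reason to stop and type the known-good address by hand, not proof on its own that the site is a scam.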
Who is Most at Risk of getting targeted by Vishing Attacks?
It’s hard to pinpoint just one or two key demographics and groups of people that are most-targeted by phishing attacks. In general, different vishing attacks could target different people.
- Tech support scams can target elderly and seniors
- C-level executives, especially newly hired, could be a target
- Private individuals who have businesses
- People in organizations who are responsible for HR, digital security, accounting and have access to sensitive information that could be hacked and/or exploited.
This chart shows industries which are most targeted by phishing attacks (including vishing).
Where do most vishing attacks come from?
There aren’t many statistics on this one, but people on social media who are trying to combat these scammers have put a tendency on display. More often than not, especially when it comes to Microsoft tech support scams, the calls can be traced back to India.
A lot of these scam calls are done by people who are pure scamming professionals. They work in very well-operated scam call centers that look like legitimate organizations from the outside but are actually just full of people who are scam salespeople.
Imagine Dwight Schrute and Jim Halpert earning commission for paper sold in the TV show The Office. Yup, you guessed it, the hackers earn commission for the money they lured away.
Which countries do vishing attacks most target?
Remember the tech support scam with PCs that we talked about? Well, since most personal computers run on Windows, Microsoft is usually the company that these scammers impersonate. Look at the map below. It shows the frequency of Microsoft customer complaints regarding these and similar scams.
This chart shows which countries are most affected by scam/spam calls. As statistics show, around half of spam calls are also linked to scam and cybercrime.
In 2017, Microsoft said that it receives around 10,000 complaints regarding tech support scams, on average, each month. Tech support scams focus on countries with large and usually wealthy English-speaking populations. So the list includes the U.S., Canada, Australia and the United Kingdom. If you’re in a non-English speaking country, it’s likely that scammers are domestically based.
How to identify and not fall victim to vishing attacks?
In order to identify a vishing attack, you should be at least slightly vigilant and skeptical. First, back up your work data to the cloud (continuously) so even in the case of PC outage or hardware/software issues, you won’t be stressed out that everything’s lost. In such cases scammers are most efficient in exploiting anxious people who are afraid that their valuable documents, pictures or work files are lost.
Key things to note for avoiding vishing
- Pretty much any fix that the service provider can do remotely won’t require you to install TeamViewer or desktop sharing applications.
- If it requires hands-on fixing, the call representative will likely direct you to a service or a shop.
- It is 99.99999 % unlikely that a tech support call would ever result in requiring you to pay a fee whilst on the call. Even if a license of an app or Windows expired, you can just log off the call and buy a license on your own time and on your own terms. The software will provide a more convenient way to pay and handle these things.
- If something feels off, just hang up and try to contact the tech support via official phone numbers on the official app website. Alternatively, handle the matter by e-mail or live messaging.
Here’s a chart showing a more sophisticated vishing scam in action.
What to do if I’m being targeted by a Voice phishing attack?
There are many voice phishing examples in the world. If you suddenly notice that the phone conversation you’re having reminds you too much of a vishing attack or scam that you’ve read about, here are a few things that you can do.
How to securely call your contacts, receive calls, and avoid vishing?
It’s sometimes hard to grasp the reality that our phone is at risk of being targeted by scammers. You need to be aware of the possible threats. But, at the same time, if you use apps like Skyda, you can be sure that the calls you’re getting or making are safe, secure and private. Communications on Skyda are end-to-end encrypted, your connections with other users are P2P-based. Yet, with all that privacy, audio and video are crystal clear thanks to the open-source WebRTC technology that the app implements.
Try it out for Android today. App for iOS is coming soon!
Summary
So, the digital world around us isn’t as safe as you might think. Vishing is a big big threat for both private individuals and professional organizations alike. By knowing about tech support scams and the anatomy of most vishing scams, you can better protect your money and your data from them. Hopefully this was useful to you. Until next time!