Vishing – The new kind of phishing
Vishing is the telephone version of phishing; the name combines "voice" and "phishing". Attackers are now exploiting phone calls as a new medium to carry out illegal activities and to rob customers of their funds.
The telephone may seem an old-fashioned way of communicating, but for hackers it works much better than technologically advanced online attacks, for the following reasons:
- According to TrendMicro, “These attacks are carried out using Voice over IP (VoIP) providers, making features like Caller ID spoofing, automated attendants, and anonymity much more readily available.”
- Vishing is very hard for legal authorities to track and monitor.
- Above all, it is easier for hackers to pose as genuine and trustworthy, thereby fooling users and taking valuable information from them.
How does vishing work?
Attackers generally use a 3-step process for vishing as outlined in the TrendMicro research report:
- The first step is to “select” their targets. Attackers create scripts that automatically dial multiple people and, like any mass phishing attack, cast a wide net that ultimately catches a few unsuspecting customers of the bank they have spoofed. The attackers can download software that allows them to show whatever phone number they want to (and thus, pretend to be from the spoofed bank).
- The second step involves the attackers asking for personal identification numbers of the targets “selected”. Attackers ask victims to provide their credit card numbers and other pertinent account information.
- The last step revolves around the attackers’ use of obtained information to steal money from the victim.
What if I have become a vishing victim already?
If you are a vishing victim, follow these pointers to minimize the hardship:
- File a report at your local police station.
- Get in touch with representatives of the banks or financial institutions where you hold accounts, your credit card and utility companies, and any other institution where you think hackers could tamper with your information, and apprise them of the situation.
- Document all your conversations so as to save yourself from any future trouble.
The Golden Rule as outlined in the research report is:
A legitimate company would never ask you to provide your PIN or password over the phone or online. If you receive such a call, hang up and inform your bank right away.