In yesterday's blog, Hikvision senior director of cybersecurity, Chuck Davis, covered security concerns related to vishing scams. Today’s blog will outline examples of vishing to help you prevent becoming a victim.
Vishing is a combination of the word “voice” and the word “phishing”. It’s a form of phishing that uses voice calls rather than email to trick a victim into divulging personal, sensitive or confidential information to an attacker. It’s a new term for the old phone scam. Below, we provide examples of vishing so you can learn to identify them.
Examples of Vishing
Episode 69 of Darknet Diaries shares an example of vishing. The entire episode is insightful, but the story that includes vishing begins at 50 minutes: 29 seconds.
In 2018, KrebsOnSecurity wrote about how some technology experts have even been scammed or nearly scammed by some clever vishing attacks.
Not all vishing calls are made to the victim. In the video below, you will see how a social engineer at the DefCon hacking conference was able to take over a reporter’s cell phone account (with permission) just by making a phone call:
Six Tips to Protect Yourself from Vishing
Below are six ways you can protect yourself from a vishing attack:
- Don’t give personal, sensitive information to anyone who calls you directly unless you can absolutely verify their authenticity.
- If you do get a call that could be a vishing attack, look up the phone number of the company and call them back. However, be careful because some vishers are setting up rogue sites to give false phone numbers so use extra caution when looking up the phone number.
- Understand that attackers may have some information about you when they call.
- Don’t answer calls from unfamiliar numbers.
- Don’t pay callers with gift cards or wire transfers. Scammers want these as payment because they are almost impossible to track and you have no way to reverse the charges. Instead, make payments with a credit card.
- Report any vishing attacks:
- If you’ve lost money to a phone scam or have information about the company or scammer who called you, report it at ftc.gov/complaint.
- If you didn’t lose money and just want to report a call, you can use the FTC’s streamlined reporting form at donotcall.gov.
For more tips to increase awareness of cyberattacks and other security concerns, check out our cyber blogs.