Vishing is a type of scam in which fraudsters try to manipulate the victim over the phone, enticing them to divulge sensitive information. The term "vishing" is a combination of "voice" or "VoIP" (Voice over Internet Protocol) and "phishing". In a vishing attack, the attacker attempts to grab the victims data and use it for their own benefit, typically to gain a financial advantage. Vishing attacks are a type of social engineering attack, as they use psychology to trick victims into handing over sensitive information. Vishing attacks can start with sending an SMS, but there is a voice contact at some point during the fraud attempt. The initial sending of an SMS only serves as bait to confirm that the number really belongs to someone or simply to induce a potential victim to call a number so the criminals can follow up with the attack. Vishing attacks can target individuals and organizations, and the impact of a vishing attack can be mitigated by putting solutions in place that prevent an attacker from achieving their goals even if the initial attack is successful.
Some common examples of vishing attacks include:
- AI-Based Vishing: Hackers use AI to carry out wicked agendas, and we’re seeing it play out in social engineering scams like vishing.
- The Caller Asks for Your Information: Anytime a caller asks for personal information, you should be skeptical. There is often no way to know for sure whether the request is legitimate or part of a vishing scam.
- Offers of a Time-Sensitive Nature: A vishing attack often hinges on creating a sense of panic or otherwise applying pressure on the victim. This could include offers of a time-sensitive nature or those that provide a solution to a dire problem.
- Fraudulent Text Messages: Scammers can also send fraudulent text messages that direct victims to call them through links or phone numbers.
To protect against vishing attacks, it is important to be aware of how they occur and to be especially wary of calls with special offers and requests for personal information. It is best to say no when a caller asks for personal information. Proper user awareness programs can help prevent vishing attacks, and training staff about vishing can help them recognize the telltale signs of a vishing attack.
