What: Vishing or Voice phishing is information solicitation technique where fraudsters use telecalls or voice messages to gain access to personal and financial information of the target. This technique exploits the target’s trust (via telecommunication) by pretending to be calling from reputable companies, banks or government departments’ in-order gather critical personal and/or financial information.
How: Fraudsters call the victim’s landline/mobile phone posing as representatives of government agencies, banks, or through a reputed marketing agency. Fraudsters gather a basic profile of the victim through social engineering techniques to add a veil of legitimacy to their claim of knowing victim’s details and persuade/tricks the victim over the telephone to provide personally identifiable information or transfer money.
The fraudster uses several techniques to commit “Vishing”:
- Spoofed caller IDs: Vishing calls are often made from VoIP (Voice over Internet Protocol) numbers and the fraudster can spoof the caller ID to resemble contact number/s of a company/organization.
- Urgency: The caller creates a sense of urgency by stating that the victim has missed a deadline or is a winner of the lottery and demands immediate action. Besides, the fraudster employs techniques like threats to revoke a business license, arrest, or missing the opportunity to make money to make the target panic.
- Callback: A recorded voice message states there was fraudulent activity on the victim’s credit card or bank account. A new number is then provided to the victim to call back, which brings the victim to an automated system asking for their personal information to confirm the victim’s identity.
- Do not respond to unknown or unsolicited calls.
- If you are told of a dire action on your or your bank account, do not panic, call your bank’s call center and check about your account.
- Do not provide your mobile # and other critical contact details readily on social media or networking sites.
- Do not provide banking information to anyone even if the caller claims to be from the bank.
- Do not share any confidential information, Password, PIN or OTP with anyone over the phone or otherwise.
- Never accept a friend request (Facebook/LinkedIn etc.) from anyone whom you do not know (even if you have friends in common).
- Use security filters of social media applications to safeguard your profile and ensure that no one accesses your details.