What is Vishing in Cyber Security?

Social engineering is the psychological manipulation of others for some sort of personal gain. Vishing or phone phishing is a method of social engineering that tries to obtain the personal data of users, often in the form of banking information. In this way it is similar to regular phishing and smishing.

In the case of vishing, the fraud is carried out through a telephone call, deceiving the victim through the impersonation of a third party who claims to be trustworthy. Calls of this type can be very diverse. Depending on the cybercriminal's objective, the content of the call will vary.

It has never been more necessary to be alert to potential fraud. Increasingly sophisticated scammers are impersonating banks and other authorities to retrieve personal information which can be exploited, usually for monetary gain. Often, some of our own personal data is already known to them which they use to engender trust. By doing so, they can get the victim to provide even more information.

The sophistication of phishing is such that it combines different social engineering techniques. These include open-source intelligence (OSINT) which searches for information in Internet sources and Spoofing which is a phone impersonation. Often, the scammer will pretend to be a bank or service to which the user is already subscribed.

When you receive unexpected calls from your bank in which they ask for sensitive information such as passwords, an electronic signature, a confirmation code sent by SMS or similar information, it is essential that you are immediately suspicious and do not fall for the fraud attempt. You should always remember that your bank will never ask you for this confidential information over the phone.

Not all vishing are equally sophisticated. Sometimes, they make random calls to users, impersonating any type of service. Their aim is to deceive as many people as possible. A common vishing scam is that of a fake computer technician who calls the client to solve an alleged problem that has arisen on the equipment. The cybercriminal tries to convince the user that they need to install a remote access program to fix the problem. Through this method, they manage to take control of your computer and have access to your banking information. There are more variants of this case that affect banking clients, often using the excuse of a security incident.

Another increasingly frequent case is identity theft of mobile phone operators. They may offer the possibility of participating in a draw for exclusive gifts such as the latest generation smartphones. It is essential that you keep in mind that these types of misleading offers will not only reach you through phone calls, but also through online advertising and messages.

With vishing scams, cybercriminals use any information provided by the user to commit more sophisticated scams. You should not provide personal data or any type of confidential information when you receive unexpected phone calls.

Learn more about maintaining cyber security with our article explaining how to protect your information on Facebook.

At oneHOWTO, we provide the following recommendations to protect yourself from vishing:

• If you receive a call you don't expect from a well-known service, be suspicious. You should also be suspicious of communications that ask you to take an urgent action, especially if they ask to give your bank details.
• If you receive a supposed call from your bank and have questions, contact the entity through its official channels. Do not call back using any of the information they have provided.
• Do not give out personal information or provide your banking credentials. Your bank will never ask you for confidential information by SMS, email or any other channel that offers little security.
• Be very careful with extraordinarily good offers, implausible promotions or money back that you did not ask for. If you have any questions about what they are offering you, contact the legitimate entity or find out more through their official channels.
• In any case, you should stay calm and do not follow the cybercriminal's instructions. It is better that you interrupt communication and contact your bank or the entity in question to report what happened. If you have provided your details, check immediately if there have been any movements in your bank account.

The main differences between vishing, phishing and smishing center on the method used by scammers to obtain information:

• Vishing: they gain access to your personal data through a phone call or voice message to cause you to reveal private information.
• Phishing: scammers use a real-looking email address with a link that prompts you to provide personal information such as your full name, credit card number and social security number. Learn more with our article explaining what is phishing in cyber security?
• Smishing: cybercriminals send text messages or use common messaging apps (e.g. Slack) to contact unsuspecting users. In the messages, they usually include a link through which the scammers ask for personal and banking information.

Now that you know what is vishing in cyber security and how you should protect yourself, we recommend reading this article on how many hackers are there in the world?

If you want to read similar articles to What is Vishing in Cyber Security?, we recommend you visit our Internet category.