What is vishing? Difference between smishing and vishing
April 19, 2022 / Knowledge


Your phone rings. The phone number is not familiar but is from your local area. You pick up the phone and hear a hospital representative telling you about your injured relative, asking for immediate financial support. You stress out and provide your credit card details, bank logins, or transfer money. Unfortunately, you have just become a victim of vishing.


What is vishing?

Vishing is a form of phishing. During a phishing attack, a cybercriminal uses messages (emails, text messages, chats, phone calls, etc.) to steal information, access details, or money from the victim.

In vishing, the criminal exploits voice communication, typically phone calls.

These attacks belong to the social engineering attack group. Usually, the criminal tries to create a sense of urgency, panic, or fear, so the target reacts immediately (for example, by giving away sensitive information). Statistics suggest that 98% of cyber attacks rely on social engineering.

This attack is critically dangerous if the cybercriminal has gathered information about you (name, physical address, names of relatives) from previous data breaches. This information allows the attacker to establish rapport, which increases the success rate.

How is vishing different from smishing?

Vishing and smishing are very similar types of phishing. They both involve reaching the victim through the mobile phone.

During a vishing (voice-based phishing) attack, a cybercriminal calls your phone number.

During a smishing (SMS-based phishing) attack, the hacker sends you a short text message with a fear-provoking scenario.

The end goal of these two attacks is the same, but the medium is slightly different.


How to recognize vishing? Typical scenarios.

The biggest problem with vishing is that sometimes the caller is legitimate. For example, a bank representative might call you in case of emergency; staff from hospitals or the police will contact you in case of trouble. Therefore, you have to recognize the signs that help you distinguish a cyber attack from a legitimate call.

Here are the three most common scenarios that are used in vishing attacks:

  • Issues with a credit card, bank account, or Social Security. The caller might impersonate a bank, Medicare, or Social Security representative and inform you about a compromised account. They will ask you to provide details so they can fix the issue.

  • Tempting investment offers. The cybercriminal can suggest you invest in a risk-free project that will provide a great pay-off. He might urge you to transfer money now, or the offer will expire. You may get asked to send money or provide login details to your investment account.

  • Urgent financial aid. The attacker can come up with a scenario where your close relative is injured, kidnapped, got into a car accident, etc. Usually, they will insist you support the person financially immediately without providing any additional information.

However, none of these scenarios will happen in real life like this. The bank representative will never ask you to provide your bank information via phone. The investor will never call and offer a deal out of the blue without knowing you. The emergency services will never ask you to transfer money before helping your relative.

Never fall for a trap when someone requires you to make an urgent, immediate decision.

How to protect yourself from this attack?

These calls might happen – the attackers can quite easily find a random number to call.

Therefore, when you notice at least one red flag, always ask additional questions to verify the caller’s identity. Ask for their name, surname, and position. Immediately google it.

If you start panicking, hang up the phone and contact the person in trouble or your bank directly. If you want to be polite, tell the caller that you will call back on the official number listed on their website. If the person is displeased, tries to avoid it, or persuades you to continue the conversation, hang up.

As soon as you suspect this might be a vishing phone call, hang up and block the phone number.

Trust your reasoning. Look for red flags. It is better to be safe than suffer from financial or personal damage.