Did you know… Vishing is one of the most successful methods to get access credentials and personal and professional information?
This attack can be initiated via:
- Phone calls – where the attacker says that they belong to trusted institutions to get information
- Phishing e-mails (learn more here) – they want you to resolve issues by contacting the given e-mail or phone number directly
- Voicemail messages – similar to the situations above
Vishing (the combination between Voice and Phishing) is an attack method that tries to convince users to provide their sensitive personal or professional information, usually financial information, via voice call
1. Recognize the warning signs
- Generic greeting: Attackers rarely know user’s names
- Sense of urgency: It’s frequent to emphasize the urgency of the situation to lead victims to do what they want
- Immediacy: The goal of attackers is to lead you to act immediately. To trigger those actions, they use awards, special and limited gifts, or emphasize the urgency of certain situations, such as unlocking a device or unblocking bank accounts
- Representation of trusted entities: Attackers often identify themselves as representatives of trustworthy entities, such as banks, tech companies, telecom companies, post offices, among others
- Personalized information: Even when the contact seems reliable because it uses your name, postal code, or position, always confirm the source, namely by searching or by directly contacting the entity in question
| 2. Think before you act |
- Do not provide contact information or any information concerning your corporate structure or activity by telephone
- Do not provide sensitive data, namely financial data, or credentials to access financial data, especially when the contact is initiated by the other person
- Regardless of their nature, do not perform the tasks requested during the call
- Never make any payment. This is a strong indicator that you are being a victim of attempted fraud
3. Be critical, do your research, and hang up when in doubt
- Do not trust phone calls where callers ask for sensitive information or money
- In case you doubt the caller’s identity:
- Go to the real website of the institution independently and confirm the telephone number
- Ask for technical information that only a real employee could know, and analyse their answer
- Search for the contact on the Internet. There are forums and websites that describe scams where you can identify common aspects of the contact you just received
- If there’s still doubt, hang up. Then, look for the real contact of such entity and see if the number that called you was, in fact, reliable
- Avoid giving any sensitive data when you are the call recipient. If you think it’s worth it, use the number and call the entity in question yourself
