KEY POINTS
- Phishing, and its telephone-based derivative, vishing, remain a significant threat to both individuals and businesses.
- Symantec’s 2019 Internet Security Threat Report identified that 96% of targeted social engineering attacks are carried out for the purpose of intelligence gathering.
- It is estimated that $46.3 billion is lost annually, due to vishing/telephone based fraud.
If you are reading this article, you have probably received a call from “scam likely” at some point in your life. With most of the global workforce operating remotely, scammers are leveraging every trick in the book to con unsuspecting individuals out of their hard-earned cash. This week, we will explore a technique used by scammers, known as vishing, which relies on phone-based social engineering, and provide you with tips to protect yourself from vishing attacks.
Social-engineer.org defines Vishing as “the practice of eliciting information or attempting to influence action via the telephone.” Vishing is a common technique utilized by scammers to obtain valuable information on a target. This information can subsequently be used to compromise an individual, or organization. The frequency of vishing attacks has increased so substantially that, in 2019, vishing scams actually made the top of the IRS’s “dirty dozen” list, which highlights the top 12 annual tax scams!
To get a better perspective of the social engineering tactics utilized by scammers when initiating a vishing attack, and to learn how to defend against said tactics, we will scrutinize the ensuing video from our friends at the National Cybersecurity Alliance, Adobe, and Speechless INC.
In addition to the best practices presented in the above video, the following tips can be leveraged to prevent and/or minimize your susceptibility to falling prey to a vishing attack:
- Remember, caller ID can easily be spoofed. Always verify that the caller is who they say they are. This should preferably be done in person, but can also be done via alternative means, such as calling their office directly, if you are dealing with a business.
- Scammers will typically attempt to create a false sense of urgency to get you to act irrationally. Always think before you act!
- If the caller is requesting payment via gift card or wire transfer, chances are the caller is a scammer.
- The government will never randomly call you offering you money or requesting payment from you. When in doubt, end the call, and contact the government agency directly to confirm the authenticity of the request.
Want to learn more about Vishing best practices this Cybersecurity Awareness month? Well you have come to the right place! Drop us a message and we will be glad to continue to the conversation with you. Don’t forget to subscribe to our newsletter to stay up to date with our latest Cybersecurity Awareness Month content!
Additional Resources