The power of vishing: Why it’s effective and how to avoid falling victim

Thanks to the efforts of employers and banks, most of us are familiar with the term phishing. We know that if something sounds too good to be true, it probably is. We have completed training and received alert emails from our employers, banks and other organizations we regularly work with, reminding us to be aware of cyber scam attempts and to read emails and messages with a critical eye.

However, cybercriminals never rest – and as long as there is someone who could potentially be victimized, they will continue their efforts. Vishing – which has the same objectives as phishing – uses voice-altering software, phone calls and social engineering to trick users into revealing sensitive information. Many organizations train employees to recognize phishing emails, but fewer organizations raise awareness about vishing phone scams. And in a world where more and more of our daily communication takes place via written messages rather than phone calls, vishing attempts use the skills of an experienced fraudster to manipulate and socially engineer a victim.

Simon McNally

Identity and access management expert at Thales.

Anatomy of a scam

Phishing attacks generally work by sending large amounts of email messages to lists of potential targets. By masquerading as genuine emails, or by creating a sense of urgency or concern, phishers attempt to trick users into responding or clicking on a link hosting malware.

Vishing attackers, meanwhile, typically use two strategies to deceive their targets. One way is to send text messages to a long list of phone numbers – perhaps legitimately obtained or purchased from other cybercriminals – asking users to call the attacker's number or request other details. Another strategy is to use software to call through the list of numbers and play an automated voice message. This can prompt the victim to go to a website controlled by an attacker, or trick the victim into contacting a human scammer, who can continue the conversation and persuade them to share banking information, transfer money or perform other types of malicious actions.

Once a cybercriminal gains access to a victim during a conversation, he can deploy various social engineering strategies to prey on the victim's innate trust, fear, greed, and desire to help. Although intentions may vary from plan to plan, the criminal tries to convince the victim that he is acting morally.

For example, a scammer might call claiming to be from a victim's bank and ask for details as part of an investigation into suspected fraud. Or they can pose as an employee's spouse, call their employer and request that the HR department immediately obtain the employee's phone number. Another common example is when someone pretends to be a grandchild and approaches their grandparents for financial help during a difficult time.

Financial gain is the main motivation of scammers. They will look for ways to make the victim feel like they have to act immediately, so they don't have a moment to think, ask someone else's advice, or change their mind. Apart from physically breaking into a property or IT infrastructure, calling and manipulating a victim can be a very effective way to get them to send money, email sensitive data or give up information about their company.

Stay situationally aware

Vishing takes time: the scammer has to convince the victim and build trust. Scammers must take advantage of the fallibility we all have as humans to distract and encourage thoughtless action. Using time pressure is another common tactic. Overall, organizations should be clear with their employees about what vishing attacks look like and encourage reporting and critical thinking. Everyone should be careful about sharing personal information in response to unsolicited contact. Anyone making legitimate contact will provide evidence, such as a primary number to call, to help users verify it is genuine before they share sensitive details. For example, banks will never call or send messages without first verifying themselves using other sources.

Individuals must also practice the same critical thinking and situational awareness when combating vishing threats as they do when combating phishing attempts. Take a moment, think about the conversation and don't feel rushed to act. For example, banks and other financial service providers will never request any form of financial information from you. Furthermore, if a scammer pretends to be someone else, such as a close family member, colleague or manager, you can always contact the person in question.

Finally, screening and blocking calls and messages from unknown numbers on your phone are reasonable precautions. Scammers will never stop trying in a world where they can automate attacks, and the potential profit can be so great. But by staying aware and practicing a good level of critical thinking, users can protect both themselves and the organization they work for.


This article was produced as part of Ny BreakingPro's Expert Insights channel, where we profile the best and brightest minds in today's technology industry. The views expressed here are those of the author and are not necessarily those of Ny BreakingPro or Future plc. If you are interested in contributing, you can read more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro
