“If you Think you Know-It-All about Cyber Security, this Discipline was probably Ill Explained to You”- Stephane Nappo
Gone are the days when we had to wait endlessly for communicating something to our loved ones.
Phones came as a savior which helped us to connect with others at the click of a button. In due course of time, these little devices became more and more sophisticated and have now become an inseparable aspect of our lives.
But, do you know that this little companion of yours, can in fact become a medium for a cyber attack too? Yes, you heard it right; phone calls can tantamount to an entirely different category of cyber attack and this forms the crux of the answer to the question of What is Vishing.
In this blog, we shall try to understand What is Vishing in Cyber Security. We will look at what is vishing attack in terms of its types and examples. Moreover, the query of what is a vishing attack, shall be sought to be understood in its entirety through differentiating vishing from phishing attacks and smishing.
If you are curious about knowing more about another very common form of Cyber Attack, known as Clickjacking, do read our blog on “What is Clickjacking?: All that You Need to Know”
What is Vishing?
Vishing is a type of cyber crime which operates as a phone scam wherein callers (cyber criminals) persuade/force/convince you to reveal sensitive, confidential and personal information over the call.
Vishing Attacks are considered to be a combination of Voice and a Phishing Attack. In other words, Vishing can be understood as a voice based phishing attack, meant to extract personal or financial information from the victims over a fraudulent phone call.
The basis of vishing lies in convincing the victims that they are doing the right thing in revealing their information to the caller. This is ensured through various means which we shall look at in the next section.
Sometimes, the cybercriminals even resort to forceful and strong language in intimidating the victims for revealing data. Moreover, technological advancements have made it even easier to contact more and more people.
Hundreds of calls can be placed at a time using VoIP (Voice over Internal Protocol) Technology and the Caller ID can be spoofed in order to dupe the victims into believing that the call is from a trusted source.
In trying to understand, what is a Vishing Attack; you should remember that it a kind of cyber attack wherein scammers make use of social engineering techniques for making victims reveal their confidential information.
Social engineering operates as a manipulation technique which is based on the fundamental human instinct of trust for stealing corporate and personal data. A vishing attack is essentially unpredictable and is executed with detailed planning, causing immense harm to the victims.
What is Vishing Attack: Examples
In this section of the blog, we shall look at What is Vishing in terms of some of the common instances which are reflective of a Vishing Attack.
- Bank Impersonation
Under this type of Vishing Attack, a cyber criminal might impersonate the Bank, Credit Card Company or other financial institutions which the victim has reasons to trust. Through the spoofed phone call, the victim is usually told by the scammer that either there has been some suspicious activity at the end of his band account or there is some issue with his credit card and so on.
Consequently, the victims are asked to confirm their bank details, mailing addresses, account numbers and so on.
- Telemarketing Attack
The chance to grab a free prize is a lucrative prospect for each one of us. Unfortunately, cyber criminals seek to exploit this basic human instinct as bait for alluring victims. Vishing takes place when victims are instigated to divulge confidential information in lieu of claiming the free prize.
- Tech Support Fraud
This is an instance of a Vishing Attack wherein Callers adopt the spam identity of a tech support from a reputable company. Victims are falsely informed of unusual activity at the end of their account and asked to confirm their account details.
At times, they are also asked to provide their email address, to which they are promised of being sent a software update, which often ends up being a way to implant malware in the victim’s system.
- Social Security Scams
Cyber criminals might pose as medical representatives or government agents in order to elicit bank account details or Medicare number from the victim. Through this, the crook might use the healthcare benefits of the victim.
Additionally, there might be instances wherein victims are told that their social security number has been suspended and they are asked to confirm the same. This relates closely to potential vishing scams and identity theft, often perpetrated under the guise of the Social Security Administration or other authoritative bodies.
- Tax Scam
The victim is told of some kind of anomaly at the end of his tax returns through a pre-recorded voice message. He is intimated to call back or else threatened of a warrant for arrest being issued in his name. The scammer usually makes use of a spoofed caller ID in order to allegedly pretend that the call is from the IRS (Internal Revenue Service).