Types of Vishing Attacks and How to Avoid Them

Every year, thousands of people fall victim to vishing attacks conducted by malicious actors. In fact, the TrueCaller Insights 2022 U.S. Spam & Scam Report stated that 1 in 3 Americans (33%) report having ever fallen victim to phone scams. Along with this, as many as 68.4 million Americans (26%) reported losing money from phone scams. Up from 59.4 million (23%) in the year prior.

These statistics are no doubt very concerning and may lead to some questions; What do these kinds of scams look like, what can I do to protect myself? In this article, we will be discussing 4 different forms of vishing attacks that we see most commonly nowadays. We will discuss the approach scammers may take with these, along with how to protect ourselves from their attacks.

Robocalls

Robocalls are the most well-known form of a vishing attack. They are often a pre-recorded call played back to every single person that is dialed or to the voicemail it reaches. The voice asks for personal information or may claim to be representing a business or government agency.

These types of scams are becoming increasingly common to spot that most people simply hang up when they receive them. However, statistics show that in 2022, the amount of people that fell victim to a robocall and lost money increased to 61.1% from 60% in 2021. This goes to show that even robocalls are still a viable means that scammers use to prey on the public.

To protect yourself from robocalls, consider the following steps:

• Avoid providing personal information or making payments over the phone unless you initiate the call to a trusted entity.
• Know that government agencies will never call, email, or text you to ask for money or personal information unsolicited.
• Know that services such as the National Do Not Call Registry, can only block legitimate sales calls from real companies, but cannot stop calls from scammers. You can try installing call-blocking apps or enable call-blocking features provided by your mobile service provider that can identify and block suspicious calls. However, note this may not a be a fool-proof method, so always remain vigilant.

Tech Support Calls

Tech Support calls usually involve scammers posing as representatives from reputable companies, such as internet service providers or software providers. They may call claiming that your computer or device has a technical issue and request remote access or payment to fix the problem. If the caller is aware of products that you may use such as streaming services and subscriptions, they may choose to call regarding “changes to your account”.

When it comes to corporations, Tech Support calls are some of the most common. In attempt to compromise an employee of a company, a scammer may pose as someone from an internal IT help desk to “fix” some problems on the employee’s computer. They may even impersonate the real help desk line by using spoofed numbers or even the names of individuals affiliated with it.

To protect yourself from tech support calls:

• Always be skeptical of unsolicited calls claiming to provide technical assistance. Companies such as Microsoft or Amazon will never reach out to consumers for technical issues unsolicited.
• Never grant remote access to your computer or device to unknown individuals.
• Contact the company directly using official contact information to verify the legitimacy of the call.
• If you are an employee and the caller is posing as a fellow colleague, verify their identity first through your company’s proper channels.

Caller ID Spoofing

Caller ID Spoofing, as mentioned briefly above, is a technique that is used by scammers to manipulate the caller ID displayed on your phone’s screen, making it appear as if the call is coming from a trusted source. The trusted source may be a tax agency, police department, hospital or even a relative that you may have saved in your contacts. This tactic can create a sense of urgency to deceive individuals into sharing sensitive information or making payments.

For example, scammers have used Caller ID Spoofing to impersonate a police department calling about a family member needing a payment to be bailed out of jail. They can even make it look like the call is coming from a family member’s phone. Perhaps they call claiming the relative has been in a bad accident, and that they need information to give to the hospital or paramedics. Nowadays, it is very easy to find phone numbers associated with someone, especially with websites such as TruePeopleSearch, WhitePages, and 411.com.

To protect yourself from caller ID spoofing:

• Be cautious when receiving calls from unfamiliar numbers.
• If the call seems to come from a trusted source in your contacts and you feel as though something is off, ask if you can call them back after hanging up. By calling back the person in your contacts, the call will go to their number, not a spoofed one.
• Avoid sharing personal information or financial details over the phone without verifying the caller’s identity independently.
• Consider using apps or services that authenticate callers or display warnings for potential spoofed calls.

AI-Based Vishing

As technology advances, so do the techniques employed by scammers. AI-based vishing, a sophisticated form of voice phishing, poses a significant threat in the digital landscape. By leveraging artificial intelligence technology, scammers are able to manipulate human-like voices to deceive unsuspecting individuals. With the ability to mimic accents, speech patterns, and emotions, scammers can create convincing scenarios that manipulate victims into divulging personal information, providing access to accounts, or initiating financial transactions.

This method of vishing typically triggers an emotional response in the victim, hijacking their power of reason. Combining the use of an AI-generated voice and a spoofed caller ID, an attacker could even pose as someone the victim may know very well. This has been used to convince a target that their family member or close friend may be in danger. Never underestimate the lengths a truly malicious actor may go to get what they want.

To protect yourself from AI-based vishing:

• Remain vigilant and be aware that scammers can use AI technology to simulate human voices. Do not solely rely on the caller’s voice as a verification factor.
• Verify the caller’s identity through independent means, such as contacting the organization directly. Avoid using the phone number provided by the caller as it may be part of the scam.
• Always think critically before letting emotions take over. Often, AI-based vishing attacks will attempt to evoke an emotional response from us, especially if they are mimicking someone that we may know. Even in a time of a supposed crisis, take the time to think things through and act in a rational manner before giving up sensitive information.

The Bottom Line

Indeed, vishing scams are not to be taken lightly. From robocalls to AI-based vishing, scammers have found effective avenues of successfully compromising their unsuspecting victims. Which is why knowing about the tactics they use and the avenues they take is so important. As times change, different kinds of malicious scams evolve. Awareness of these scams helps us to prepare before such an attack is launched against us, so we’re not caught off-guard. Remembering the steps we learned in this article will help us to stay vigilant, think critically, and avoid being duped by malicious actors.

Written by: Josten Peña

Images:
https://bestlifeonline.com/wp-content/uploads/sites/3/2022/09/automated-police-phone-call-scam-news.jpg?quality=82&strip=1&resize=640%2C360
https://image.cnbcfm.com/api/v1/image/102141273-450751107.jpg?v=1532564399&w=929&h=523&vtcrop=y
https://cdn.i-scmp.com/sites/default/files/d8/images/canvas/2023/05/03/a3f25503-0a23-4b5e-bd2d-59b2175335a6_2b927fe9.jpg

*** This is a Security Bloggers Network syndicated blog from Security Through Education authored by Social-Engineer. Read the original post at: https://www.social-engineer.org/social-engineering/types-of-vishing-attacks-and-how-to-avoid-them/