What is Vishing and How to Recognize It | Antivirus Software

What is Vishing?

This is a common scenario. Someone logs into a social network clicks on a tempting link and sees a blue screen with a warning message and a free phone number to call to fix a serious computer problem.

The call is answered by a polite technical specialist who is ready to provide you with any assistance. For money. After the user provides his credit card information to pay for the software needed to solve the problem with the computer, the fraudulent campaign, which costs the victim dearly, ends.

The software doesn't work, the polite technician disappears. And the user becomes another scam called "vishing".

Wishing in the Shell

Most people have heard of phishing. Phishing is the mass mailing of tempting emails or text messages to entice users to follow a link or visit sites with malware. Links can also be displayed to website visitors whose area of ​​interest potentially coincides with the subject of the advertised product or service.

Wishing is an oral form of fraud in which cybercriminals, using telephone communication, under various pretexts, encourage people to take actions supposedly in their own interests. Vishing often replaces phishing.

In the example above, the victim clicked on a link in an online ad that interested her. The malware embedded in the link blocked the devices and could only be unblocked by a helpful "technician" who had to be contacted by phone. The solution to the problem turned out to be a paid service. Of course, this was all a fraudulent scheme, and the technician's “company” was the actual source of the problem.

How Common is Vishing?

According to the BBC, in 2015, credit card fraud became a global business, generating $ 16 billion in revenue for its members and $ 1 billion in vishing. Essentially, vishing takes effect any time the criminals gain access to victims' personal information.

Cybercriminals deliberately create conditions to entice unsuspecting victims to voluntarily provide valuable personal information such as full names, addresses, phone numbers, and credit cards.

With this information in hand, cybercriminals can demand payments from users, for example, for allegedly repairing a computer or for antivirus software, depending on the "specialization" of the fraudsters.

As soon as cybercriminals get at least a little bit of information about the interests of the user, vishing comes into play. Fraudsters use the information they have to create a sense of urgency for the user and then emerge as saviors, offering a simple way out in a calming voice.

How to Recognize Vishing

Sometimes people find it difficult to determine when they fell victim to vishing. Users often do not realize that the helpful person on the other end is tricking them into personal information. However, there are warning signs to help you recognize potential fraud.

In many cases, the callers are self-called experts or specialists in their respective fields. They may appear to be computer specialists, bankers, police officers, or even victims of fraud.

However, if the callers are really who they say they are, then their professional identity can be easily verified with a simple call. If they are unable or unwilling to provide the information necessary to verify their identity, they cannot be trusted. But even if they provide contact information, it is worth checking their legitimacy by calling the organization's official phone number.

And while we often give in to callers' assertiveness, the atmosphere they generate for urgent problem resolution is a huge red flag. Users need to take a couple of deep breaths and then write down all the information the caller provides without asking for any details. In addition, you can try to find a common phone number on the Internet, call it back and check if the person/organization is who they say they are.

The recipients of such calls should also avoid clicking on links in emails (phishing) or SMS messages on their mobile phones (SMiShing). Any correspondence can contain "interceptors" that download malware that can control computer systems, steal user data, and even spy on them.

If users receive unsolicited calls offering any computer services, they should not call back the phone they were called from.

Today, there is a technology that allows attackers to block the victim's phone line after the end of the call, and redirect all subsequent calls from the user to the rogue ringer. People who believe that the problem may actually exist should use a different phone to call the official number.

Report a Crime

A true technician who eliminates the consequences of a security incident on your computer, always strongly recommends that users change account passwords, notify their banks and credit institutions about incidents, and closely monitor financial transactions.

While vishing and its online phishing sibling are not going anywhere anytime soon, vigilance and a healthy dose of skepticism will help reduce the risk of losses from these types of scams.