Don’t Get Hooked by Vishing Attacks

Cybercriminals are motivated and creative, which is not a great pairing for their victims. Just when we think we know what to watch out for, there’s something new to worry about. Right now, voicemail phishing (vishing) attacks are on the rise. Find out more about vishing and what you can do about it.

First, a reminder: phishing refers to bad actors sending fraudulent emails. They use social engineering to get you to reveal personal or sensitive information. For example, employees might get an email that looks like it’s from your IT team. It might ask them to renew their access credentials in the next 24 hours, but they need to enter their existing credentials into an online form to make the change.

Vishing also relies on social engineering – it targets our impulse to trust or help – but, vishing does this using voicemail. Cybercriminals use this approach to attack individuals and businesses, and they aim to obtain the information they need to perpetrate further crimes.

How does vishing work?

Cybercriminals prepare in advance to make vishing more convincing. They’ll call from what looks like a local number, and you’ll be more likely to answer. They learn enough about their victim or the organization they claim to be from to appeal to human nature.

A vishing attempt will:

  • use urgency to encourage you to act;
  • leverage false credibility to convince you they’re legit (e.g. calling from the government, tax department, IT support, or HR);
  • employ persuasive language to make you want to help;
  • take a threatening tone so that your fear you will be arrested or have your bank accounts shut down to override your suspicions;
  • reference current events to tap into your worries (e.g. during the tax season, criminals might spoof tax collection agencies; or during COVID, people were promised testing kits for sharing their bank information).

Avoid falling victim to vishing

Make vishing awareness part of your security training for employees. Communicating how to avoid falling victim can help your business stay safe.

The number-one rule is to never provide or confirm personal information by phone. A bank, hospital, tax office, or the police are not going to call you on the phone to ask for personal details. And they are definitely not going to call and try to motivate you to act urgently.

It is also unlikely that your manager or human resources would call you at home to ask you to transfer funds, provide confidential data, or email documents from your personal account.

Always ask for proof that you can use to verify the caller is who they say they are and works where they claim to. If you’re given a number to call to confirm the caller is legit, look it up. Call on a different phone to check that it’s a real number.

Stay aware of the latest trends. For instance, a new take on vishing sends emails claiming to share links to voicemail messages on LinkedIn- or WhatsApp-type services. If the recipient clicks on the link, they go to a convincing page (complete with CAPTCHA for added legitimacy) where crooks try to capture their access credentials.

This latest iteration of vishing aims to evade your cybersecurity solutions. There’s always something to keep up with. Need help? Our experts can set your business up for network security success. Call us today at (416) 848-6218 or 1 (888) 268-2564.

More To Explore

How to Reduce PC Power Consumption

You probably grew up having a parent saying, “turn the lights off!” That was the number-one way to save on the power bill. But now,

We Love to help

We’re dedicated to offering you the best services for your business. Whether you need a one-time solution or ongoing support, you can count on us to get the job done well. Even if you don’t quite know what problem you are looking to solve, our outstanding team is standing by with all the solutions in-hand. Complete the contact form below and start erasing your problems.

Is Managed Service a good fit for my business?

If your business is among those that require efficient, sophisticated technological guidance and protections, the ongoing support of an MSP can be a game changer.

If you’d like to learn more about the types of managed services that we offer, contact us directly

We Are A Company Made Up Of People Who Love What They Do.

Combining an extensive set of individual talents and over 30 years of professional IT experience, our team has come together with a shared goal: serving small businesses.