You’ve just gotten back to work from a nice, relaxing vacation. You’re going through the 50+ emails in your inbox, and you come across one that appears to be from your bank. The email explains that there have been fraudulent charges made to your account and you need to call the bank’s 800 number immediately for further instructions.
You call the number provided in the email message. Instead of the typical recording you would hear from the bank, you get a different recording asking you to input your credit card number to authenticate your account. If you’re thinking something sounds “phishy” here, you’d be right.
This is an example of voice phishing, or vishing – the fraudulent practice of extracting sensitive information over the phone. Although the example above started with an email, vishing scams can also be done through direct phone calls or voicemails. Because the hacker is using a VoIP, a technology that allows you to make calls using the Internet instead of a regular phone line, caller IDs can be spoofed making the call seem even more legitimate.
There are several ways you can protect yourself from vishing…
It’s crucial to remain vigilant and aware that the many emails you receive every day may include those that are trying to phish you. Cyber criminals who use vishing and other phishing methods employ tactics to catch you off-guard. Don’t fall for those that play to your emotions, like the example above, in which the email message is trying to scare you into taking quick action without thinking.
Never give out your sensitive information to anyone who calls you directly. Only consider providing sensitive information over the phone if you’ve called your bank from the phone number listed on the back of your card, or on the company’s website. This includes credit card information, social security number, account numbers, pin numbers, or any other information that could open the door for hackers.
Like phishers, vishers often use scare tactics to get you to hand over your sensitive information. Always be cautious of any phone call that uses threatening language to get your attention.
Always be suspicious of phone numbers provided in emails. To be safe, cross check the phone number provided on the company’s website. It’s also important to be suspicious of links provided within emails. Always hover over the link to check the authenticity of the link – this will show you if the link is going where it says it will go. An even safer option is to navigate to the website by typing the correct url into the address bar.
Blog Source: Helion’s Cyber Training Partner Inspired eLearning