What is Vishing? Tips to spot and prevent vishing attacks
As technology develops, so do the tactics cyber criminals use to exploit individuals and organisations. In a recent article, we talked about phishing, the most common type of social engineering.
This blog will discuss vishing, its types, and how to prevent this looming cyber attack.
What is Vishing?
According to Statista, 69% of IT departments have been targeted by a vishing attack. Vishing, also known as voice phishing, is a fraudulent activity wherein a cybercriminal seeks to manipulate an individual into divulging confidential or personal information over the phone. With this technique, the cyber attackers typically impersonate a trustworthy entity such as a bank or IT support.
Types of Vishing Attacks
Caller ID Spoofing
Caller ID Spoofing involves the masking of the caller ID. Instead of showing the number, a message is displayed instead such as, ‘HMRC’ or ‘Police Department.’ To disguise their identity, cybercriminals may use caller ID spoofing to falsify the information displayed on the phone’s caller ID.
Wardialing
Wardialing is where a large number of telephone numbers are automatically dialled in an effort to search for numbers that can be exploited. This technique targets numbers within a specific area code.
Dumpster diving
As the name suggests, with this technique, vishers search dumpsters, behind important organisation buildings, searching for phone numbers and information they can target and exploit, such as email addresses, phone numbers, or account information.
Tech support
Vishing attempts often mask themselves as legitimate calls from banks or tech support. These vishing attacks often urge the listener to take urgent action to fix an account or technical issue. In this way social engineers attempt to influence the individual into taking action either through panicking or manipulation.
A reliable IT support provider will be security conscious, taking measures to ensure your personal information is kept secure whilst they seek to resolve your IT challenges.
How to Prevent Vishing Attacks
1. Blocking spam calls.
Whether you use an Apple, Android, or another operating system, phones have features that enable you to block and filter out spam calls.
Follow the resource steps below to block spam calls on your Apple or Android device.
2. Verify caller identity.
Employees should be trained to verify the caller’s identity through a method other than the incoming call before sharing sensitive information.
3. Don’t share your number.
Avoid sharing your phone number when requested via email or social messages.
4. Avoid unknown calls.
Where possible, avoid answering calls from unknown or private numbers. However, calls from government entities such as the police department may use private numbers when making a calling. If you are anticipatng a call from such entities, stay silent until the caller has identified themselves and explains the reason for their call.
5. Implement a security company policy.
Implement a company policy that discourages sharing confidential information over the phone without proper verfication procedures.
Cyber Security awareness training
It’s not enough to simply provide your employees with documentation when it comes to equipping them with the knowledge they need to stay alert about cyber security threats.
To improve your business’s cyber security arm, you need to have insight into your cyber security posture and provide ongoing cyber security and awareness training.
Get in touch to learn more about the steps we can take to help you enhance your cyber security and reduce the risk of falling victim to social engineering attacks and other cyber threats.