Cyber fraud using fake calls is often called vishing, a term that combines “voice” and “phishing.” Vishing is a form of social engineering where attackers use phone calls to impersonate legitimate organizations, such as banks, government agencies, or tech support, to deceive people into sharing sensitive information (like banking details, credit card numbers, or personal identification data) or transferring money.
Typically, vishing scams involve tactics to create urgency or fear, making people more likely to fall for the scam.
Vishing scams have become increasingly sophisticated and are often part of larger cybercrime schemes. Here’s a breakdown of how vishing scams typically work, some common methods used, and ways to protect against them:
How Vishing Works
- Caller ID Spoofing: Scammers often spoof their caller ID to make it appear as if the call is from a reputable organization. This makes the call look more credible and increases the likelihood of the victim answering.
- Impersonation and Social Engineering: The scammer will typically impersonate a bank, government agency, or tech support service. They use social engineering techniques to manipulate the target’s emotions, often creating a sense of urgency or fear (e.g., “Your bank account has been compromised!” or “You owe back taxes that must be paid immediately!”).
- Personal Information Extraction: The goal is to extract personal information, such as account numbers, passwords, or Social Security numbers. In some cases, scammers might ask the victim to confirm or share a one-time password (OTP) sent to their phone, allowing them access to online accounts.
- Money Transfer Requests: Some vishing scams involve persuading victims to transfer money, usually through wire transfers, prepaid gift cards, or even cryptocurrency, as these payment methods are harder to trace.
Common Vishing Scams
- Bank Fraud Calls: Scammers pretend to be bank representatives who warn the target about unauthorized transactions or hacked accounts. They may ask for account details, passwords, or OTPs to “fix” the problem.
- Tech Support Scams: Fraudsters claim to be from tech companies (e.g., Microsoft or Apple), saying the victim’s device is infected with malware. The scammers then ask for remote access to the device to “resolve the issue” but end up installing malware to steal information.
- Government Impersonation Scams: Scammers pretend to be from tax or law enforcement agencies, claiming that the target owes money and faces arrest or other consequences if they don’t pay immediately.
How to Protect Yourself
- Don’t Share Sensitive Information: Legitimate companies rarely ask for personal information, passwords, or OTPs over the phone.
- Verify the Caller: Hang up and call the official number of the institution to confirm whether the call was genuine.
- Watch for Red Flags: Pressure to act immediately, requests for payment via unusual methods, or claims of urgent security issues are warning signs.
- Use Call-Blocking Services: Many phone carriers offer services to filter out potential spam calls.
Reporting Vishing
If you receive a vishing call or fall victim to one, it’s essential to report it to authorities, like the Federal Trade Commission (FTC) in the U.S., as well as your financial institution, to help prevent further incidents.
By Pankaj Bansal