Have you ever heard the word Vishing???? 🤔🤔🤔🤔🤔

Most people have heard of phishing; vishing is a different attack that falls under the general phishing umbrella and shares the same goals. Vishers use fraudulent phone numbers, voice-altering software, text messages, and social engineering to trick users into divulging sensitive information. Vishing generally uses voice to trick users.



Consider the following scenario.

Here, the caller pretends to be a government agency representative such as someone from the FBI, IRS, or Social Security Administration. They may say they need to discuss an important issue with you but first need to verify your identity. If you don’t comply, they’ll start making threats, saying they’ll arrest you or cancel any government benefits you receive.

In a situation like this, most of us would think the call is real; only a few would know it is fraudulent. So the scenario above is a prime example of vishing.

But before we move on, we first need to know how vishing differs from phishing.

In our previous article we discussed phishing, and the situation above also looks like a phishing method, so the difference is essential.

Phishing and vishing have the same goal: to obtain sensitive data from users that could be used in identity theft, monetary gain or account takeover. The main difference between phishing and vishing is the medium used to target potential victims. Whereas phishing is primarily an email-based attack, vishing uses voice, typically calls to a user’s cell phone number.

Now you all know how it differs. OK, let's move on to the types of vishing.

1. Wardialing

The cybercriminal uses software to call specific area codes, using a message that involves a local bank, business, police department, or other local organization. When the call is answered the automated message begins, urging the person to provide their full name, credit card details, bank account information, mailing address, and even social security details. The recorded message may suggest this information is needed to confirm the victim’s account has not been compromised or to confirm valid account details.

2. VoIP

VoIP makes it very easy for cybercriminals to create fake numbers and hide behind them. These numbers are very hard to track and can be used to create phone numbers that appear to be local or that use a 1-800 prefix. Some cybercriminals will create VoIP numbers that appear to come from a government department, local hospital or police department.

3. Caller ID Spoofing

Similar to VoIP vishing, with caller ID spoofing, the cybercriminal hides behind a fake phone number/caller ID. They may list their name as Unknown or pretend to represent a legitimate caller, using an ID such as Government, Tax Department, Police, etc.

4. Dumpster Diving

A simple and still very popular method of collecting valid phone numbers is to dig through dumpsters behind banks, office buildings, and random organizations. Often criminals will find enough information to deliver a targeted spear vishing attack against the victim.

Critical to the success of every type of phishing is social engineering. People should be suspicious of callers who use urgent, forceful, or convincing language. It’s important to remember that Microsoft tech support, Amazon, or your local hospital will never ask for your personal bank information or PIN codes.

I think most of us will have experienced at least one of these methods. But that all happened before; now we're all aware of it, so from here on we will be very careful in these situations. Still, we need some guidance against those bad people, so use the following precautions.

  • Never disclose or confirm any personal information over the phone in an unsolicited call.
  • Register all your cell phone numbers with the “Do Not Call” registry.
  • Try to have a mobile plan that provides caller ID details.
  • Use a phone number search tool.
  • Don’t respond to random emails or SMS text messages directing you to call an unknown number.
  • Study your caller very well by paying attention to every detail of the conversation. If they ask for personal information or something about the call seems suspicious, then follow the next tip mentioned below.
  • If unsure of the caller’s legitimacy, hang up and call the organization they claim to represent back using an official phone number.
  • If someone calls claiming they’re a company executive and makes an unusual or urgent request, inform them you’re hanging up and will call back on an official line to confirm these details.

Now you all understand the concept better. 

Thank you for your Precious Time! 

Bye! 


Hide and Seek

Here we explore the hidden gems in the technical world.
