You’ve probably heard of phishing, a form of social engineering attack wherein hackers use emails to try to catch people off guard, gaining access to secured networks or sensitive data. Phishing is an incredibly common form of cyberattack, with billions of phishing emails sent every single day.
But cybercriminals are a crafty bunch, and as awareness of phishing scams has increased, their methods have grown more expansive. Today, many hackers use phone- and voice-related scams in an effort to prey on unsuspecting people (including corporate employees) and to infiltrate private networks.
Why is Vishing So Effective?
You may wonder how a vishing attack could ever fool anyone. After all, you can hear the voice of the person on the other end of the phone. You should be able to tell whether they’re someone you know and trust, or some illegitimate scammer… right?
Well, not always. Our human instinct is to trust the words, not the voice. If someone calls you saying they are from your bank, credit card company, or some other institution, and that they urgently need a little information to help deter fraud activity on one of your accounts, it’s not at all unlikely that you would believe them, especially in the heat of the moment.
In fact, vishing attacks can be more effective than phishing emails, precisely because there is another human being on the other end of the line. Locked in conversation, our instincts kick in: Instincts to help, to collaborate, to be polite, to tell the person what they want to hear.
Sadly, this all too often results in the loss of private or confidential information. And when employees of an organization fall prey to vishing attacks, the results can be profoundly disruptive.
What are the Common Types of Vishing Attacks?
As a business owner, you should know about two common types of vishing attacks. Alert your employees to be vigilant about both types of vishing.
Hybrid Attacks
A hybrid attack combines the methods of phishing and vishing.
For example, say you get an email that seems like it’s from your bank, or from a company whose product you recently purchased. The email tells you that you need to take some kind of action to secure your account or to verify your purchase, providing you not with a link to click but with a phone number to call.
When you call that number, there is a hacker waiting on the other end of the line to harvest your personal information, using it to breach your sensitive accounts.
Hybrid vishing schemes are incredibly common; in fact, their frequency shot up by more than 600 percent last year alone. Be aware.
AI-Based Attacks
Hackers are increasingly keen on using AI technology, and one of the most disturbing examples of this is how criminals can use AI to replicate the sound of a person’s voice. So, if you receive a call from an unknown number but it sounds like it’s your boss or your business partner, be on guard. There’s a high chance it could be a deep fake. AI-based attacks have also seen extraordinary growth in recent years, with some studies putting their growth rate at more than 900 percent over just the past few months.
How to Protect Against Vishing Attacks
Vishing attacks try to exploit our natural curiosity and our desire to be helpful. Thankfully, there are some best practices that offer protection.
- Verify the person you are speaking with. Ask them to send you a link from a reputable domain, or hang up and call back using what you know to be a legitimate line.
- Never give sensitive information, like online passwords, over the phone. Most legitimate organizations will not ask you to do so.
- Provide vishing awareness training for all employees, especially those who are in charge of answering the phones.
- Prioritize password security for yourself and for all employees of your organization.
- Talk with your IT security company about protocols to minimize vishing risks.
At BlueArmor, we offer a range of solutions to help our clients stay free and clear of vishing incidents. We’d love to walk you through some of the tools we provide. Reach out to us whenever you’re ready to chat.