Previously we’ve published several articles about email phishing scams and how to best avoid them. We even put together an infographic on the Top 5 Phishing Red Flags, which you can take a look at here.
What we haven’t yet discussed is a different kind of scam that doesn’t rely on email to capture your information: vishing.
Over the past several months we’ve seen a frightening increase in the number of vishing scams we and our clients are receiving on a day-to-day basis. Unfortunately, with how successful these scams often are, we don’t expect this trend to reverse course.
To help you better identify and avoid this threat, we’ll walk you through what exactly vishing is, what some common scams look like, and what the most telling warning signs are.
What is “vishing”?
Vishing, short for “voice phishing,” is a kind of social engineering scam that happens over the phone.
The caller (sometimes an automated message) tries to trick you into revealing your credit card number, your password to an account (likely one that will give them access to financial information), your Social Security Number, or similar sensitive information.
The caller will pretend to represent a trusted entity of some sort, like your bank, your phone provider, or your computer manufacturer.
Examples of vishing
Here are a couple of real-world examples of vishing to give you a sense of how these scams play out:
Microsoft calling to remediate a security breach
You receive a call from “Microsoft” or “The Windows Department,” often from a 1-800 number that is legitimately associated with the company. The representative tells you that they’ve received an alert of a security breach on your computer that needs to be addressed straightaway.
The representative will be happy to resolve the issue for you: just verify your credit card information over the phone so they can deliver the service. Once that’s verified, they’ll request that you allow them remote access to your computer so that they can perform the clean-up.
Now they have your credit card and access to everything on your computer: files, saved account credentials, everything.
Verizon calling to confirm a phone order
You receive a call from “Verizon” about an order of new phones, an order you didn’t make. The representative could do you the favor of canceling the order, but needs you to verify your account credentials so they can be sure you have the authority to make the change.
As a final step in the process, they’ll send a verification code to your phone, which they’ll need you to read back to them.
Now they have total access to your account, including all the billing information stored there.
Top red flags for a vishing scam
You should immediately be suspicious of any phone conversation where the person or automated message:
- Claims to represent a big-name company like Microsoft.
- Requests “verification” of your account information, such as your username or password.
- Demands any personal information such as your Social Security Number or date of birth.
- Asks for your credit card or banking information.
- Says they need access to your computer.
If you think a call might actually be legitimate, still do not give out any information. End the current call, look up the entity’s phone number yourself (don’t use one they give to you), initiate a new call, and proceed from there.
It will take a few more minutes of your time, but it will protect you from having your credentials, money, or identity stolen from you.
Stay safe out there!