Blog

Don’t Fall Victim to Vishing!

posted by: FraudWatch International date: May 25, 2016 category: All, Phishing comments: 3

In today’s world of online communications and the associated threats, you could be forgiven for thinking that the “old-fashioned” ways of contacting someone, like a phone call, would be safer. Unfortunately, this is not the case. Whilst email scams are still a significant money earner for cyber-criminals, phone scams are becoming more and more popular.

What is Vishing?

Voice Phishing (or Vishing in its abbreviated form), is a social engineering technique for stealing information or money from consumers using the telephone network. These phone scams can take on a couple of different guises. Either they are incentive-based – “You have unclaimed money waiting” or they use scare tactics – “Pay us or else!”

FraudWatch International often sees a spike in Vishing at tax time with scams impersonating government taxation departments. People often fall for these types of phone scams, because they don’t keep track of their taxes, and therefore it could be plausible that the tax office owed them money, or that they had made a mistake on their tax return and now owe the Tax Office money.

How Does Vishing work?

Vishing can either be inbound (the scammer calls you) or outbound (the scammer asks you to call a particular number), and there are points to be aware of in both situations.

Inbound:

  • The scammer will often create a fake Caller ID, so that the number you see on your phone’s display seems legitimate. This technique is called ‘Caller ID Spoofing’ and is extremely easy to achieve, particularly with Voice Over IP (VOIP) and SMS Gateway technology.

Note: There are companies like “VOIP Fake”, that allow people to pay for 100 minutes of calls and they can choose which number to dial from. Using these facilities they could choose 000, or a local number, when in actual fact, the call is coming from India. Caller ID is not to be trusted.

  • If you don’t pick up the call, they may leave a message saying something similar to, “You have $500 in unclaimed funds. Please call this toll-free number to arrange payment”. Or they may threaten you on the phone by saying something like, “You owe the Taxation Office $1000. You must transfer this money immediately; otherwise the police will turn up to your house today”.

Outbound:

  • If you call the phone number the scammer has provided, you will be instructed to provide your credit card details, or other personal information, which can then be used by the criminals to commit fraudulent activities.
  • Another trick the scammers use is to ask the victim to hang up and call their bank to verify the information being given. When the caller hangs up, the scammer does not, therefore keeping the line open and remaining connected when the victim picks up the phone to dial out. The criminal can then spoof a dial tone when the victim dials and then get an accomplice to answer and impersonate whoever the victim is trying to call. This is known as a ‘no hang-up’

Note: This technique generally only works with traditional land line telephones.

How to Avoid Vishing

  • Don’t trust Caller ID. Just because the number displayed on your phone seems to be from a company you recognise, there is no guarantee it is really coming from them. As mentioned earlier, Caller ID Spoofing is very easy to do.
  • If you don’t have the luxury of another phone to call from, wait 5-10 minutes before dialling out. That way, there is a good chance any automated systems the scammer might be using to create fake dial-tones, will have timed-out.
  • Ask questions. If someone is trying to sell you something or asking for your personal or financial information, ask them to identify who they work for, and then check them out online to see if they are legitimate.

Note: It is important to recognise the distinction between Telemarketing and Vishing. Whilst telemarketers can be annoying, they are generally not being malicious. By registering your number on the Do Not Call Register (https://www.donotcall.gov.au) you will virtually eliminate any calls that are not scams, because most legitimate telemarketers obey the rules and laws around contacting customers.

  • Call them back. Tell them you will call them back and then verify the legitimacy of the company, or better still, call back using a number from your bill or the back of your card, or from another trusted source.

The best way to protect yourself is NEVER provide credit card information or personal details to anyone who calls you.