What is Voice Phishing & How to Avoid Voice Phishing in 2023

Phishing, or in particular, voice phishing (also known as “vishing”)is technique criminals use to obtain personal and financial information via phone calls, emails and other unsolicited messages. Scammers use random numbers to call people and lure them into giving up their personal or financial information.

For example, a scammer may call someone disguised as a bank employee and try to get your secret PIN by saying that your credit card or account has been hacked and that they’re trying to fix it. Voice fishing has become very common over the years.

In the span of just four years (2012-2016), a group of voice phishers stole hundreds of millions of dollars and personal information from more than 50,000 people by pretending to be the IRS and immigration officials on the phone.

You can be the next target of the upcoming wave of voice phising. So you should be ready for it. Here are some tips and suggestions that can help you avoid voice phishing.

What is Voice Phishing & How to Avoid Voice Phishing

How to Protect Yourself from Vishing

There are a few precautions you should always take in advance in order to avoid being phished. While con artists will always find new ways and be persistent in their attempts to scam you, as long as you use common sense and stick closely to the following procedures, you should be good.

1. Don’t Talk to Strangers (or Robots)

Here are a few basic pointers on how to answer calls:

  • Do not pick up the phone if the number is unfamiliar. Put the caller through to voicemail and pay close attention to their message if you’re unsure about returning the call. Spoofing caller ID and phone numbers gives the recipient a false sense of safety.
  • Hang up and put that number on your block list if you’ve answered a strange call.
  • Don’t ever call someone back. Consult official sources such as credit card providers, customer service websites, and online directories for contact information.

2. Slow down, think before you act

Slow down, Think Before you act

It is human nature to trust those with whom one interacts. Our instincts prevent us from pausing to consider, “My caller ID indicates this is my bank; the caller knows details about me and says they’re from my bank…maybe this isn’t my bank?” However, it would help if you did that.

Suppose you have any doubts about the legitimacy of a call. In that case, you should disconnect, look up the number of the organization you believe you were speaking with, and call them immediately. Banks also often roll out a list of popular fake numbers that have been circulating around moonlighting as the real number, so make sure you’re up to date on all fronts.

3. Don’t press buttons or respond to prompts

Never interact with a message that appears automated by pressing buttons or answering questions. You can remove yourself from our list by pressing two or requesting to speak with an operator by responding with “yes.” Scammers often use these tactics to identify possible targets for more robocalls. They may record your voice so they can use it to access your account information via a voice-activated phone menu.

4. Don’t disclose your Passwords or Login Information

Don’t Disclose Your Passwords or Login Information

Hackers employ vishing techniques to con victims by requesting private data such as debit card/bank account data, login information, passwords, or social security number. It’s not uncommon for them to use techniques like appealing to victims’ sympathy (“I’m in real trouble, and you’re the only person I could think to call”) or attracting them in with the promise of special offers (“If you haven’t found that perfect Christmas gift yet, have I got a deal for you!”).

These manipulations often involve using fake IDs and falsely claiming to be someone they are not. It is vital to note that banks and other financial organizations would never demand debit/credit card information, user names, and credentials over the phone.

Consequently, keep your PIN, credit card verification number (CVV), and one-time password (OTP) secret. You should be aware of possible phishing attacks if you frequently receive calls or texts asking for personal information.

5. Use a caller ID app

Use a caller ID app

The native caller ID systems of both Google and Apple have experienced profound development over the years. Nevertheless, numerous spam calls and fake IDs cannot be effectively managed by the Android or iOS operating systems. The proliferation of VoIP services has made it simple for con artists to generate fake phone numbers.

Because of their hidden identities, they give little indication of their location when making a call. To better recognize and reject unwanted calls, quality caller ID software can be quite helpful. Truecaller could be the best solution for both Android and iOS devices.

Truecaller has been downloaded over 500 million times and is used by over two billion people every month. Only legitimate phone numbers and those with a spam track record are prohibited. It is possible to report a phone number to their database if you believe it is being used in a vishing scam.

6. Ask questions

Ask for identification and company information verification if the caller claims to have a free reward or offers to sell you something. Block if the caller declines to provide the requested information. Before giving out any personal information, ensure the caller has given you accurate information.

Be vigilant in your tone and demeanor, even if you’re in the wrong you need to make sure you’re asking the right questions. Don’t feel out of place or nervous as it is your right to inquire about any suspicious activity. Improvise as you go and keep the second point in mind; slow down and think before you talk.

7. Register your phone number with the Do Not Call Registry

Informing telemarketers that you do not want to receive calls at your residence or mobile device is as easy as adding your number to a free registry. Most legitimate businesses will refrain from calling those on this list. Thus, any contact from a telemarketing service is almost certainly a vishing scam. The FTC offers a dedicated website where you can register your home or mobile number for free.

8. Never give remote computer access

To gain access to your computer, a visher can claim they need to remove malware or address another problem that requires them to use your computer. Without first confirming their identity as a member of the IT department, you should never let anyone else access your computer. 

9. Report suspicious incidents

Multiple victims are often subjected to the same scam by the visher. If you think your company or institution is the subject of a vishing attack, you should notify the proper authorities immediately.

10. Be suspicious of unsolicited phone calls

It’s crucial to encourage people to be cautious and attentive when answering their phones, especially since more people are working from home, so more calls will be received randomly. Make sure everyone on your team knows how to recognize a vishing scam and what to do if one is attempted.

11. Be aware of fear-mongering

Be aware of fear-mongering 

If a caller tries to generate a feeling of stress and fear, it suggests you’re most likely interacting with a scammer. Legitimate professional agents wouldn’t behave in such a way, as they’re taught to maintain composure and practicality even in high-stakes circumstances involving fraud prevention.

However, con artists are smart and know how to play on your concerns to get their way. These con artists are aware that fear causes us to make unwise choices. End the call and find the real number for the company to report the call.

12. Verify any sensitive information request by calling a known number

Do not give up any personal information, not even your date of birth, if you get a call from a number you don’t recognize or a person you recognize but aren’t expecting to call you, particularly if the caller wants you to verify your identity, by giving them any information, including your name. Scammers want you to respond and provide your personal information.

Final Thoughts

Voice phishing attacks are on the rise and can damage individuals, businesses, and organizations. Be aware of any suspicious phone calls and always verify the caller’s authenticity before providing it to anyone. Register your phone number with the Do Not Call Registry to avoid most telemarketing scams.

Finally, if you think a caller may be trying to scam you, stay calm and do not provide any personal or sensitive information. Report the incident to authorities or the security staff at your organization so they can protect other targets. With these tips in mind, you’ll be better equipped to stay safe from vishing scams in the future.

All images courtesy of Canva.

ABOUT THE AUTHOR

Kamil Anwar


Kamil is a certified MCITP, CCNA (W), CCNA (S) and a former British Computer Society Member with over 9 years of experience Configuring, Deploying and Managing Switches, Firewalls and Domain Controllers also an old-school still active on FreeNode.
Back to top button