What is Phone Phishing, Voice Phishing or Vishing?

Phone Phishing or Vishing (short for Voice Phishing) is a rising type of Social Engineering fraud. It is becoming popular as it adds a level of human manipulation into the attack.

The scam artist will initiate a call to randomly pre-selected numbers and then try to gain information or access to machines. In this technique, sometimes also known as pretexting, the scammer works to convince the called party that they are a genuine caller who requires some information or access to assist with an action. The caller will establish a rapport, use known large organisations for cover (think Microsoft, Apple or BT) and, with a little probing, trick called parties into confirming or correcting information over the phone.

In some recent cases presented to Urban Network, we have heard of callers requesting that members of the public divulge personal information as part of a greater scam. In other cases, the caller suggests that they are working for a reputable software vendor like Microsoft and need assistance gaining access to the user’s PC to ‘verify a known threat’. Of course, no genuine caller would ask for personal information, or for access to a machine, unless the contact was instigated in the first instance by the called party.

Security tips

If you receive a call asking you to give information or access, it is almost certainly a social engineering attempt to trick you. Hang up. If you feel the need, call the organisation yourself using a known genuine number (e.g. a bank number on the back of your card) and ask if you have been contacted.

Be wary of any inbound call where the caller is asking for your personal information. This is simply not how it works, and even if, on the rare off-chance, it is, calling them back is perfectly acceptable.
