What Exactly Is Vishing?
Tech Tips From Curtis Hyde

What Is Vishing?

Vishing is an attack on computers and networks that is increasing across America. A vishing attack is when someone uses a phone to enter your IT system or obtain personally identifiable information or download malware. You might wonder, “How is this possible?” We’ll tell you here.

A vishing perpetrator will work to get access to your company’s phone numbers. When you answer the phone, he’ll say he’s from your IT department and that you must follow his instructions to fix your computer.

Imagine this scenario:

• Someone calls your desktop phone posing as your IT company.
• They say that they’re calling to help you update some things in your computer.
• You’re told to go to a specific website. You visit the site, and it’s built to look like one of your company’s websites.
• You log in as instructed.
• Next, you’re told to download a file from the website and more.

What’s really happening? You’ve downloaded a virus into your computer that’s capturing all of your keystrokes. Everything you do from now on will be captured by the imposter due to the virus you downloaded.

How Else Do People Get Vished?

PII Scams: The visher will try to get you to provide personally identifiable information (PII). He’ll use this to steal your identity or get access to your credit card numbers or financial accounts. Some people call this a phone scam.

Malware Scams: Vishing is also used to spread to malware and other viruses. You might get a phone call from the visher who is pretending to be a support representative. They’ll say they want to help you “fix your computer” because a virus or other problem was detected (the scenario we described above).

The visher will ask you to download remote support software, so he can fix the problem on your computer. What you’re really downloading is malware that will infect your computer.

VoIP Scams: A visher can access your data via VoIP (Voice over Internet Protocol). Vishing is the IP telephony’s version of phishing. It uses voice messages or phone calls to steal identities and money. VoIP is more vulnerable than a Public Switched Telephone Network (PSTN) landline. And unlike with PSTN, VoIP phone numbers can be set up and deleted within a few minutes. This makes it nearly impossible for the authorities to catch vishers.

Voice Mail Scams: The visher will leave a voicemail informing you that your bank account was compromised. You’ll be instructed to call a toll-free number to reset your account’s security settings. Then you’ll be asked to key in your bank account number or other private info on the keypad.

Free Prize Scams: The visher will pretend to be from a legitimate business. They’ll call saying that you’ve won something and to obtain it you need to follow their directions. You’ll be offered something like a:

• Free product.
• Free service.
• Free trip.
• Extended warranty for your car or another piece of equipment.
• Opportunity for a profitable investment.

In order to receive the “prize”, you’ll be asked for your credit card number to close the deal. The visher will then sell your info on the Dark Web or run up charges on your card.

How Do You Avoid Getting Vished?

Pay attention when someone calls posing as your IT department or a representative from your bank or a business. If you’ve never met them, or you’re not familiar with them, hang up the phone. Cut the connection and immediately call your IT company, bank or the business they say they’re from to verify the caller’s identity.

Do the same with any automated messages you receive. If the visher says that they’re from your bank, hang up and call your bank to find out if the call is legitimate.

Just like you would check out any phishing email perpetrators, check out the vishing perpetrator. Never follow their directions until you verify that a caller is authorized to give you instructions.

Here’s what the US Government says to do:

Think twice – Treat calls from unknown numbers just as if a stranger approached you on the street with the same offer. If you wouldn’t give your info to a stranger, don’t give it to the caller.

Educate yourself – Legitimate companies and organizations generally never ask you to provide your PIN or password over the phone or online.

Hang up – If you get a call from anyone (or a recording) asking for PII, hang up.

Don’t trust caller ID – It can be hacked as well to show you a false number.

Document the call – Note what was said, what information they wanted, and, if possible, the phone number or area code of the caller.

Do not “confirm” PII – Never give out a credit card or social security numbers (SSN) to callers looking to “confirm” your account information. They aren’t confirming it; they never had it in the first place.

Do not pay – If a caller says you have to pay a fee, it’s not a gift or a prize; it’s a purchase.

Report it – If you think you are a victim of vishing, write down what happened and how you first noticed the fraud. Keep all paperwork that you think may be helpful in the investigation. Then, follow the steps below:

• Contact your local police and file a police report.
• Contact the financial institutions, credit card companies, phone companies and any accounts you suspect may have been opened or tampered with.
• Report it to the Federal Trade Commission at https://www.ftccomplaintassistant.gov/ or by calling (888) 382-1222 and the FBI’s Internet Crime Complaint Center (I3C) at https://www.ic3.gov/default.aspx.

If you have any questions about vishing, or if your computers get infected from vishing, contact the team at Colorado Computer Support. We’re here in Colorado Springs and always happy to help.