Vishing Attacks and Their Prevention


Social engineering refers to malicious attempts to steal money from an individual (or group of individuals) or to obtain confidential information, usually, but not always, through modern technology. Among the ways of conning people into giving away their financial details or money, vishing, a less familiar term, has inflicted losses of millions of dollars on many individuals.

Vishing: Definition

Put simply, vishing is a social engineering method of stealing money and information from customers through telephone calls. The term ‘vishing’ is an amalgamation of the words ‘voice’ and ‘phishing’. Phishing, as many people know, is an online con that convinces people to disclose their valuable information.

A Famous Case of a Vishing Scam

A few years ago, a multi-million-dollar vishing scam took place involving three companies. These companies, based in Florida and Illinois, made nearly 1 billion phone calls (robocalls) to residential and business phone numbers and individual cell phones.

According to officials of the Federal Trade Commission, who filed a lawsuit against these companies for breaching the Do Not Call registry law, these telemarketing-cum-vishing schemes were the most forceful and aggressive ones that the commission had come across.

These companies ripped people off for more than $10 million over the span of two years through fake extended auto guarantees. They also violated another law by blocking and masking their caller IDs.

Voice Over IP Technology: The Main Tool for Vishing Frauds

The cornerstone of vishing fraud is caller ID spoofing, which creates the perception that incoming calls come from legitimate, authentic phone numbers. These calls then play a recorded message enticing people with lucrative offers. For instance, vishing calls are used to sell sham extended auto warranties at very reasonable prices compared with the actual prices of this type of warranty. In some cases, people on the call are asked to enter their banking card details and other confidential information.

Vishing has become more prevalent in recent years with the advent of voice over IP phones. Conventional circuit-based PSTN phone lines were difficult to hack, and hence there were fewer cases of caller ID spoofing. With voice over IP phones, no circuits are involved. Caller IDs are based on IP addresses, and callers are able to assign themselves the phone numbers they want.

What Does the Law Say About Voice over IP Phones and Caller ID Spoofing?

Voice over IP calling, like any other contemporary technology, has both legitimate and illegal uses. Likewise, caller ID spoofing itself is not illegal under the law. Legitimate businesses and professions can use it to maintain their privacy; e.g., physicians can use caller ID spoofing when contacting patients from their residence.

However, caller ID spoofing becomes illegal when it is used to imitate someone else’s identity or when it is used with malicious intent (persuading people to buy sham schemes and extracting their confidential information).

Prevention of Vishing Scams

Vishing scams are carried out by individuals and shady organizations (usually telemarketing ventures) to cheat people out of their money. By keeping a few things in check, you can easily protect yourself from the consequences of vishing attacks.

Don’t Share Your Banking and Financial Details Over the Phone

Unless you know the caller in person, do not share any of your confidential banking details over the phone. Internet banking details and card verification values are among the vital pieces of information scammers will try to extract from you. Don’t even share the expiry dates of your credit/debit cards over the phone.

Many people get conned through vishing scams because they place too much trust in their caller IDs. Don’t reveal any details even if you recognize the phone number displayed on your device.

Remember that banks and other legitimate businesses don’t ask for such confidential information over the phone or by email.

File a Complaint with the Federal Trade Commission

If you are receiving numerous unsolicited calls making unrealistic offers of products and services, immediately file a complaint with the Federal Trade Commission, including the details of the vishing call. The best way to avoid and red-flag vishing attacks is to register with the National Do Not Call Registry.


Posted On November 28, 2017