What is vishing?
Vishing is scamming via phone calls, effectively “phishing” by voice, hence the name, Voice phishing – Wikipedia
Unfortunately, like many other cyber-attacks, incidents are on the rise.
Because the damage is done over a phone call, they are even harder to prevent, except through education.
So, how does this cyber security scam work?
It starts with an email, which directs the victim to call a number – typically a call centre that is controlled and run by the hackers, (remember we have said before that cyber-crime is big business).
The initial hook to make the call comes in several flavours:
- A fake order. This could be for a expensive item, or it can be for something simple that the victim is unlikey to want. There will be an invoice attached claiming the money is being taken from a credit card or direct debit.
- A fake password reset. This could be anything, from your Amazon or Netflix account to the password of your bank account. The email will confirm the reset and ask that if it was not expected, then to call immediately.
- Confirmation of a fake bank transfer. Just like the password reset, this seeks to get you to ring to say it’s not real.
What these have in common is that the criminals aim is always to have the victim call the attacker.
Once they get you on the line, they can then pretend to help.
At some point in that help, they are going to ask you for information. It will probably be something like your credit card or bank account details.
With the high rates of online shopping, likely stock shortages and pent up consumer demand due to various lock down levels, New Zealand is ripe for this type scam.
Here’s the lesson – never call the contact number of the email. Always confirm the number by looking it up online.
Especially, never look up online by using the URL in the email. Always, go to your favourite search engine and let it find the website and phone number for you.