vishing scam

Vishing: Understanding the dangers and how to protect your company

Have you ever heard of Vishing? You've probably already come across a situation similar to this: Imagine that you are accessing a website and suddenly a notification appears warning you that your computer or device is contaminated and the problem needs to be resolved. This link is usually accompanied by a telephone number so that you can contact the responsible company to resolve this situation.

Let's say you make a call and are answered by a supposed technician who, upon charging a certain amount, offers you the best solution to the problem. And that is what this threat consists of. One of the vishing strategies is to offer supposed antivirus software upon payment of a certain amount, in most cases, providing credit card details.

The reality is that this software does not work, and the credit card information you provided to pay the fee is used to carry out more substantial financial scams (in addition to paying for the supposed software itself).

The evolution of technology has been very beneficial for society, bringing innovations that make our daily lives much easier and optimize tasks that were previously considered complex. But this advancement has brought several threats that can cause a lot of damage to people and organizations.

Telephone scams have been occurring since the emergence of this technology, and over the years criminals have developed increasingly efficient traps to deceive their victims . A strategy that became very famous was the fake kidnapping scam, which claimed several victims and had a huge impact on the lives of thousands of people. To make these threats even more effective, cybercriminals began to use social engineering to strengthen their narrative and make victims place even more trust in what is being presented as truth. Understand how social engineering can be applied to cyber scams:

The threats that come to us through telephone calls are known as vishing and are equally dangerous, and can cause many problems for their victims, from the leakage of personal information to major financial fraud for companies.

Vishing scam: how does it work?

The Vishing scam works as follows: through a telephone call, criminals try to trick their victims into providing valuable information, such as personal data, address, credit card details, among others.

To make this possible, during the call they use strategies and tools to deceive their victims (as is the case with social engineering) and make them believe that it is a legitimate and safe contact. Currently, this type of scam is being used more often to steal credit card information or identification documents.  

Since people are more prepared than they were a few years ago, for this scam to be more effective and deliver the results that the scammer expects, there is a technique called War Dialing , which scans a list of telephone numbers and speed dials these contacts so that, when faced with a large number of calls , it can capture a victim.

With the advancement of the internet and digital transformation, this type of scam also began to be used with Voice Over internet protocol – VoIP . This type of telephone service works exclusively over the internet and many cybercriminals are using this tool to hide their real identity and make more and more victims.

Vishing vs Phishing vs Smishing: understand the difference

By using some strategies with the aim of deceiving their victims, many people confuse vishing with other scams, such as phishing and smishing. To be able to determine the difference, we need to know which channel each of them uses to reach their victims .

Phishing aim of making users access malicious links and files, which are sent via email. This is one of the most dangerous threats on the internet, mainly because the most unsuspecting users are unaware of the risk that accessing this type of link or downloading files can bring.

This link usually requests access information, full names, personal documents, credit card data.

Smishing refers to a fraud that reaches users through the SMS service. Generally the text of the message received contains a malicious link whose objective is to steal information. Both vishing and smishing are threats derived from phishing , varying only in the channel used to reach users.

Vishing can be carried out through real calls or with robocalls, which are programmed to reach an increasing number of victims. With more than 2.47 billion calls made by Anatel , these automatic calls already represent more than half of all calls made in Brazil, which demonstrates the size of the risk they represent for users and companies.

This type of scam usually makes calls offering unmissable promotions, solutions to technical problems, discount packages, extended warranties, and much more. The next step is to request the full name, residential and business address, identity number, CPF, driver's license, financial data, etc. With this information in hand, they are able to carry out numerous types of scams , even opening accounts and taking out loans from financial institutions.

Knowing how to recognize it is essential: identifying the vishing scam

Knowing how to recognize the main internet threats is the first step to being able to protect yourself from the damage they can cause. The first step is to never provide personal information via links, forms or telephone calls unless this contact was your initiative.

If any company contacts you, such as government organizations, financial institutions or companies with which you have already had contact at some point, bringing information about pending issues or offering promotions, end the contact and call again to verify the veracity of the contact.

It is important that this contact is made extremely carefully, using the contact numbers available on the company's official website. This is because cybercriminals, thinking about the most inattentive users, plant fake phone numbers on the internet on unreliable websites , causing several users to believe it is the number of the company they want to contact.

Also avoid answering calls or responding to SMS from contacts and numbers you don't know. So that you understand the risk, did you know that even answering calls to say that you no longer want to receive this type of contact is contraindicated? This is because this behavior provides cybercriminals with very valuable information: that this number is legitimate, active and that you can be contacted in other ways.

The reality is that, with so many threats surrounding our routine, it is important to always be suspicious of everything. 

It is important to prepare to ensure safety

As we have seen throughout this material, vishing can be a very dangerous threat to our data and risky behavior within the company can cause considerable damage. Receiving this type of contact can, in addition to impacting productivity, cause a huge loss for the business.

Falling for this type of scam can encourage both the leakage of information that could harm the brand's positioning and reliability in the market , and financial scams that can be applied through the data provided, such as financial fraud and extortion.

Lumiun created to make the routine within your company safer and more efficient . With resources focused on the security and protection of your business's , we have exactly what your company needs to maintain data protection and ensure that your employees stay away from problems on the internet.

Lumiun DNS Free Trial