- Vishing -Cyber Security Information Article
Voice phishing is the criminal practice of using social engineering over the telephone system to gain access to private personal and financial information from the public for the purpose of financial reward. Sometimes referred to as ‘vishing’, the word is a combination of “voice” and phishing. Voice phishing exploits the public’s trust in landline telephone services, which have traditionally terminated in physical locations known to the telephone company, and associated with a bill-payer. Voice phishing is typically used to steal credit card numbers or other information used in identity theft schemes from individuals. Some fraudsters use features facilitated by Voice over IP (VoIP). Features such as caller ID spoofing (to display a number of their choosing on the recipients phone line), and automated systems (IVR).

Protecting Yourself

Voice phishing is difficult for legal authorities to monitor or trace. To protect themselves, consumers are advised to be highly suspicious when receiving messages directing them to call and provide credit card or bank numbers — vishers can in some circumstances intercept calls that consumers make when trying to confirm such messages. Although the use of automated responders and war dialers is preferred by the vishers, there have been reported cases where human operators play an active role in these scams, in an attempt to persuade their victims.

Another simple trick used by the fraudsters is to ask the called party to hang up and dial their bank – when the caller hangs up, the fraudster does not, keeping the line open and remaining connected when the victim picks up the phone to dial. When in doubt, calling a company’s telephone number listed on billing statements or other official sources is recommended as opposed to calling numbers received from messages or callers of dubious authenticity. However, sometimes hanging up and redialing is insufficient: if the caller has not hung up, the victim might still be connected and the fraudster spoofs a dial tone down the phone line when the victim dials and a fraudster’s accomplice answers and impersonates whoever the victim is trying to call. This is known as a ‘no hang-up’ scam. Hence consumers are advised to use a different phone when dialing a company’s number to confirm.

Source: Wikipedia