Vishing, What Is It?
Vishing, What Is It?
We increasingly run into more tools from the bad guys to get ahold of our information.
Given the amount of time we spend connected to the network on a daily basis, it is important to stay watchful and have some kind of knowledge about what cybercriminals do nowadays. We increasingly run into more tools from the bad guys to get ahold of our information. Suspicious phone calls, emails or SMS that request our personal data and whose sender is not clearly known, etc.
Phishing is perhaps one of the most extended concepts in this field, but there are more scamming methods. Among the ones that are becoming more popular there is that of the so called "vishing".
Vishing consists of a modality of scamming through phone calls based, as they explain from the Internaut Security Office, on social engineering and impersonation and whereby the attacker impersonates someone from an organization, a person or company to obtain certain information.
Their modus operandi is divided into two steps. First, the attacker will have first obtained confdential information about their victim, like their name, second name and surname, their email, their address, part of the data of their credit card, etc. This can be obtained through other attacks on their victims, like phishing.
Next, there is a phone call to the client impersonating their bank, a courier company or an assistance service to use the previous information and for their victims to trust them. Afterwards they will try to obtain more information and get the user to install some malware in their computer or make some kind of payment.
We increasingly run into more tools from the bad guys to get ahold of our information. Supicious phone calls, emails or SMS that request personal data and whose sender is not clearly known, etc.
What to do in case of becoming victim to a vishing attack
There are times when we realize right away that the call has a suspicious nature, but there are others where the system is quite refined and their deceiving method is more sophisticated.
It is very important to sever all comunication right when we realize something's off. From then at INCIBE they recommend to follow these steps:
- Scan your device with an updated antivirus.
- Delete any files you may have downloaded from your email.
- Block the number that contacted you.
- Change the passwords of those accounts that may have been compromised.
- Activate two-step authentication in accounts that allow it to prevent impersonation.
- Contact the bank to cancel any non-authorized payment or cancel your credit card if necessary.
- Compile all possible evidence and file a claim to the police.
These might interest you...
Phishing alert!
Is Your Company Ready for a Possible Malware Attack?
How Long Ago Was Your Last Backup?