Don't Allow Yourself to Become a Victim of "Vishing"
Blake A. Klinkner Washburn University School of Law Topeka, Kansas
With the increase in teleworking which has resulted from the COVID-19 pandemic, there has also been an increase in cybersecurity threats and scams, attempting to prey upon those who are working remotely and without in-person verifications. "Vishing"is one particular type of cybersecurity threat that has seen a marked increase since the outbreak of COVID-19. Readers should become familiar with the hallmarks of an attempted vishing attack, and should follow some key tips to avoid becoming a vishing victim.
"Vishing" is a type of threat that combines voice with phishing. Vishing differs from typical phishing scams, which usually rely upon fraudulent email messages, by involving phone calls made to intended victims. "Vishers" choose phone calls to scam, because they believe that individuals who are wary of suspicious emails maybe less cautious when speaking over the phone. Often, a vishing attack begins when an intended victim answers a phone call, and is greeted by an actual person claiming to call from the victim's employer, bank, or some other trusted source. Other times, a vishing attack is commenced when the intended victim answers an automated call, requesting the victim to enter sensitive information over the phone through a series of prompts. Vishing attacks may also begin when victims receive voicemails, purportedly from trusted sources, and call back.
Vishers conduct "social engineering" on their victim prior to calling, which is a process whereby vishers research the victim's background to obtain personal information which may be used to gain the trust of the victim. For example, vishers frequently mine company websites, professional networking sites, and social media accounts to gain information such as job titles, employment timeframes, educational history, and office location prior to making calls. Vishers will then recount such personal information to the victim at the start of the phone call as part of a bogus "verification," hoping that the victim will assume only a trusted authority would know such information.
Once a visher has gained the trust of the intended victim, the visher will attempt to extract information from the victim for immediate fraudulent gain. Often, a visher...