Vishing Guide
In the following, the terms "phone phishing" and "vishing" are used as synonyms, even if the former is slightly more generic than the latter, which often implies the use of VoIP technologies.
Phone phishing scams are like e-mail phishing ones, except that you will be asked to do/say something by phone.
Phishing is a fraudulent attempt, usually made through email, to steal your personal information. The best way to protect yourself from phishing is to learn how to recognize a phish. —PhishTank
Similarly, phishing phone calls usually appear to come from a well-known organization and ask for your personal information, such as credit card number, social security number, account number or password, and so forth. Usually, phone phishing attempts pretend to come from services or companies with which you have no relationship at all.
While phishing e-mails usually tell you to click a link to a website and submit your personal information, phone-based phishing asks you for such information directly. Legitimate organizations would never request this information from you via email or phone. In the past, this technique has proven to be really effective.
Call example
- Caller (synthetic voice): «Expiration Notice! This is the final notice to inform you that your car insurance is expired. You can renew your insurance by phone following the instruction. Please, enter your 4-digit PIN to speak with an operator, or simply hold on.»
- You: «...»
- Caller (human): «Could you please tell me your account number?»
- You: «Which account number?»
- Caller: «Your car insurance is expired, sir. Could you please tell me your account number so I can proceed to renew the service at no charge?»
- You: «I do not remember my account number. But what do you need it for?»
- Caller: «This is your car insurance company, sir. Could you please tell me your last name, date of birth and address so I can look up your account information?»
- You: «My car insurance is not expired. What are you calling for?»
- Caller: «OK, Sir, no problem. Could you please say your last name and Social Security Number?»
What to be aware of
- Nobody will call you asking for personal information. No company, service or bank will ever call you prompting for personal information. This can happen only if you call the service operator, not the other way round.
- Generic or absent greetings. Since answering machines are programmed to call a considerable number of phone numbers, they are usually set up to deal with any kind of person and subject (e.g., bank, car insurance, health insurance). For this reason, you will hear no greetings or just generic greetings such as «Dear Customer».
- Urgency, expiration, repetitiveness. As in the e-mail case, the caller will try to confuse you with several questions and requests. While doing this, they will also try to convince you that acting fast can prevent, say, your insurance from expiring.
A note on terminology
Phone phishing, voice phishing, vishing, voiching and phone scam are all different terms often used to refer to the same fraudulent activity.
Credits
The image used in this page has been modified from this page.
