When technology becomes marketable, it’s only a matter of time before fraudulent activity exploits the applications used every day by businesses.
Many trusting people and businesses have fallen victim to cons and scams such as spoofing, the forgery of an e-mail header so that the message appears to originate from someone else; bogus offers; requests for help; and most notably, phishing, an attempt to fraudulently acquire sensitive information such as bank, credit card, or password specifics.
So it’s no surprise the latest plan of attack, vishing, is focused on utilizing Voice over Internet Protocol systems to gain access to personal information. The term “vishing” is a combination of “voice” and “phishing.” Vishing is like phishing but can be conducted over email or VoIP phone lines.
One scenario of a vishing scam is like a typical phishing scheme: A message is sent to your e-mail but instead of asking you to click the link and provide information via the Internet, you’re asked to do it over the phone with the fraudulent phone number provided. Usually set up as a “customer service” station, the caller is lead through a series of voice-prompted menus that ask for account numbers, passwords, and other sensitive and critical information regarding the account.
The second scenario is an actual phone call, often from a VoIP account. Criminals can use software programs to create fake automated customer service lines. Vishers are even able to mask the number they are calling from in an effort to thwart the use of caller ID. They can even have the number and name of the financial institution they are falsely representing show up on the screen itself. The call is either a live or a recorded message directing the end user to take action on the account in question. Usually the scammers already have some information on the victim, such as credit card numbers and other account information furthering their “legitimacy” and exploiting the trust of the person on the other end.
According to the FBI’s Internet Crime Complaint Center, attacks are starting to occur at an alarming rate as VoIP systems gain in popularity. So what can businesses do to protect themselves and their employees from becoming victims?
- Educate staff: The most important and often overlooked aspect of keeping employees safe is to educate and make them aware of these types of scams. Many times, especially when people are busy, they might overlook what is actually happening at the moment. By being proactive, sending out warnings such as this article, or having a sit-down and discussing the scam itself, staff can remain vigilant and thwart these types of attacks.
- Be suspicious of calls asking for financial information: If employees receive a suspicious phone call and are unsure whether it’s real or fake, have them ask for a number and contact information so they can call back later. This information can be used later when speaking with authorities. Even safer than having them call the documented number is to have the employee hang up, independently look up the real number, and call the bank or other institution directly to verify the validity of the information they received.
- Use monitoring software: By putting monitoring software such as VQManager from Develcon in place, a company can identify vishing attempts by watching for consistencies, patterns, and anomalies in call activity. Many attackers make multiple calls from a limited set of VoIP numbers. By monitoring these numbers, your company can block these calls.