A growing number of people are becoming aware of the dangers of phishing emails. These fraudulent emails deceive recipients, convincing them to provide confidential information like names, addresses, social security numbers, passwords, and credit card data. But bad actors are using other attack vectors to commit fraud too. When a criminal uses voice-based communication to scam a target, it’s called a vishing attack. You’d think that a vishing attacks would be more challenging to execute than a phishing attack because you can typically hear the scammer’s voice. However, criminals use many different skills, techniques, and technologies to make vishing attacks more successful.
Table of Contents
Vishing and Phishing
What’s better than vishing? Vishing and phishing, of course. Some scammers use both attack mediums to trick their marks. It usually starts with a phishing email from an authority like a bank to an unsuspecting user. The email may carry a phone number for the victim to call to transition the scam to a vishing attack. Next thing you know, the target is sharing their credit number and security number with a fake banker on the phone.
Voice over Internet Protocol (VoIP)
If scammers were calling people from personal numbers, their careers as professional criminals wouldn’t last very long. Instead, they use VoIP or other forms of technology to dial their targets while masking their locations. Some software can even allow a bad actor to spoof their location by using a local number, which a target of a scam is more likely to answer.
The most prolific fraudsters have years of experience. They’ve also honed their skills by practicing with their teams. They know exactly what to say to achieve their goals because they have learned from trial and error.
Scammers often have foreign accents because they’re not calling from the same geographical location as you. They usually operate from countries where laws on vishing are either murky or relaxed. Of course, even faraway scammers can get into trouble. For example, one experienced scammer from Jamaica famously picked the wrong target when he called a former FBI director and judge. In a few years, the hunter became the hunted when he was arrested and sent to prison while on a trip to the United States.
A target is more likely to make an error in judgment when speaking to a scammer in an emotional state. Fraudsters can manipulate feelings like greed, love, lust, and compassion. For example, they may call the elderly while pretending to be raising funds for a charity. Or they may call a frequent lottery player asking for fees and taxes for a fake win.
A hacker may use malware like keyloggers, spyware, Trojans, or stalkerware to mine a target’s data in order to make a vishing scam more convincing. For example, they may learn a person’s travel habits through spyware before calling with an offer of a plane ticket. Alternatively, they may use a keylogger to read someone’s emails in order to blackmail them on the phone.
Good malware protection tools, software security updates, a firewall, and sensible social media habits can shield your data from scammers. Meanwhile, screening and verifying phone calls can prevent vishing attacks from breaching your security and privacy.