Rising Threat of Voice Phishing

Cybersecurity experts are warning of an increase in voice phishing scams, also known as “vishing.” These scams involve fraudulent phone calls or voicemails targeting individuals, government agencies, and businesses. Vishing is considered one of the fastest-growing types of scams currently.

How Vishing Scams Work

These scams often begin with an influx of unexpected messages, creating a sense of panic. Sanny Liao, cofounder and chief product officer at Fable Security, explains, “People in that mindset, they’re panicking. They’re like, ‘What’s going on?’” Attackers capitalize on this anxiety by immediately following up with a phone call.

Impersonating Authority

Scammers frequently impersonate legitimate entities, such as help desks or fraud departments. Liao describes a common tactic: “‘I’m calling from your help desk,’… ‘Your account is under attack right now!’” This creates a false sense of security, leading victims to believe someone is proactively helping them.

The Information Request

Once trust is established, the scammer requests sensitive information. This could include a PIN for identity verification or a code sent to the victim’s phone. These requests are the core of the scam, allowing criminals to access accounts and personal data.

Real-Life Examples

The KSL Investigators have reported on cases where individuals were tricked into sharing information with impostors posing as their bank’s fraud department. Criminals often spoof caller IDs to display the names of legitimate businesses, further deceiving potential victims.

Protecting Yourself from Vishing

Here’s how to protect yourself from voice phishing scams:

  • Be skeptical of caller ID: Just because a number looks legitimate doesn’t mean the call is genuine.
  • Stay calm: Scammers rely on creating panic. Take a moment to think before reacting.
  • Never share information: Do not provide personal or financial information to unsolicited callers.
  • End the call: It’s perfectly acceptable to simply hang up.

Verify Independently

If you’re concerned the call might be legitimate, verify the caller’s identity by contacting the organization directly using a number you’ve independently confirmed. Do not use the callback feature on your phone. Liao emphasizes, “Your IT help desk will always be so relieved that you took the time to verify rather than just going for it.”

Major banks and tech companies consistently state they will never proactively call and request account or security details unless you initiate the contact.