Watch out, Vishing!

No, this is not a typo. We are indeed talking about so-called "Vishing". Vishing is a special form of Phishing. The term is composed of the words "Voice" and "Phishing". Just as with the common Phishing method, private, sensitive or confidential information is coaxed from a person under false pretenses. In contrast to Phishing, however, the person concerned is not contacted by e-mail, but by telephone.

In recent months, the number of cyber attacks has risen significantly, and cybercriminals are using Vishing as a method more frequently. This is because companies and their employees have recognized the danger posed by conventional Phishing attacks, and thus by e-mails or fake websites, and have therefore implemented important prevention measures and extended training in their everyday work. Cybercriminals must consequently come up with new methods to extract sensitive information from their victims.

Why is it so dangerous?

So-called "Vishers" approach their attacks extremely intelligently. They take advantage of situations that seem ordinary and innocent to people. Calls from private or suppressed numbers as well as calls from a call centre or a customer hotline are almost a daily occurrence. How often have you had to state your birthday, your address or simply your name to validate personal data? Even though these calls are often harmless, the everyday handling of phone calls of this kind makes it very easy for Vishers to gain access to confidential information.

How do the cyber criminals operate?

Cybercriminals slip into different roles. The Sparkasse is currently warning of Vishing incidents. Here, the fraudsters pretend to be employees of the Sparkasse and ask their victims to disclose their card number, telephone number or TANs, which are sent to their mobile phones during the phone call. If you ever get into such a situation, end the call and hang up immediately. No reputable bank will ask you for your credit card information or TANs over the phone.

Or imagine the following situation: The phone rings and an IT expert is on the other end of the line telling you that your computer is infected with a virus. It is now very important to react quickly to prevent the virus from shutting down the entire company network. The IT expert would like to carry out remote servicing in order to install the necessary diagnostic software on your computer and thus solve the problem. However, he will need your password for this. 

Similar to traditional Phishing, the cybercriminals play on the emotions of their victims by manipulating the situation in their favour. First, trust is built up. This trust is created by the perpetrator appearing in a role whose authority is often not questioned, e.g. that of a police officer, a bank employee or an IT expert. If the trust created is not sufficient to receive the desired information, the victims are put under pressure by causing fear and panic. This leads the people concerned to act rashly and hastily.

What can you do to protect yourself from Vishing?

A healthy level of distrust is never wrong. Question the caller, no matter how official the entity they say they are calling from. Vishing perpetrators will do anything to lull you into a false sense of security and get confidential information from you. Be sure to contact another person or a third party who can confirm and verify the case or concern. Better safe than sorry! In general, never share confidential information such as bank account details, logins or passwords over the phone.

How do you act correctly when you have disclosed sensitive information?

If you have fallen for a Vishing attack, you should act quickly but thoughtfully. Hurried action can cause further damage. Inform your IT department at once about the information you shared. If you have shared passwords, change them immediately. If you use one of the disclosed passwords for more than one program or application, change that password for those services as well. It is important that you do not use this compromised password again in the future.

If you have questions about passwords, Perseus can help. Read the article about password security.
