Wednesday, July 19, 2017

Vishing: How to Avoid Taking the Bait

Scenario: It's been a hard week at work, and you're sitting there daydreaming about a white sandy beach with shimmering blue water somewhere far away. Suddenly you receive a phone call from a number you've never seen before, but the area code is local, so it must be important. You go outside to answer, and to your delight, the caller says, "Congratulations, you're the lucky winner of a five-day getaway in Jamaica!" Now all they need is your card info to credit your account. Wow, how lucky are you?

Not very.

Phishing, or the act of attempting to obtain confidential or financial information from people via email, has been running rampant among everyone with an email address since 1996. But hackers aren't just using emails to seize your personal info. Vishing, which is phishing via phone calls, is rapidly advancing. Every month, more than 86.2 million vishing calls are made in the U.S. So what can you do to avoid being lured into their trap? Follow these simple tips.

Don't Fall for Their Lines

Does that phone call sound a little phishy? It probably is. Educate yourself on the most common scams now so you can recognize when one is happening to you:

  • The IRS scam: One of the most prevalent scams within the past year, the IRS scam occurs when an "IRS agent" calls to inform you that you either have a refund due or that you owe money to the government. The IRS will never call about taxes owed without mailing you first. To avoid this situation, hang up and, on another line, call the official IRS number to verify the situation with a reliable source.
  • Vishing combined with malware: This vishing tactic involves a support representative calling from a company you are familiar with. The scammer tells you that you have a virus on your computer that can easily be fixed with their help. They then request that you grant them remote access to your computer so they can troubleshoot the issue. What they're really doing is installing malicious software that'll encrypt all your data. Never click on questionable links or follow instructions if something seems off.
  • The "yes" scam: Some vishers attempt to record you saying the word "yes" by asking a simple question like "Can you hear me?" They can then use the recording to access your account and provide verbal confirmation for wire transfers or for some other questionable purpose. The scammer may also ask if you'd like your name on the Do Not Call (DNC) registry. Well, of course you do, but the government never calls people to ask them if they want to be added to the DNC list. If you get one of these calls, hang up immediately and go to the Federal Trade Commission (FTC) website to register your number instead.
  • The bank scheme: In this scam, hackers call businesses in search of passwords or financial information by claiming they're your bank or business adviser. Alert your staff to never give out PINs or passwords over the phone, and let your bank or financial adviser know what happened.

Although this is not an exhaustive list, knowing about four of the most-used vishing scams will help you prevent scammers from taking advantage of you. Because scammers are always plotting ingenious ways to trick you, err on the side of caution every time you answer your phone.

Verify Callers' Identities

Determining which calls to take and which to avoid can be tricky. When you get a call you weren't expecting, consider these tips from the FTC (we like to call them the Four W's):

  • Who's calling? Identifying the caller should be your first line of defense. Bear in mind that laws require sales callers to state their name and product before they begin selling you something.
  • When are they calling? Telemarketers can only legally call between 8 a.m. and 9 p.m. If a call comes in outside that time frame, ignore it. However, even if a call does fall within the correct time frame, you should still check for other signs of fraud.
  • What's the rush? Everyone is in a hurry these days, but if someone seems exceptionally pushy, that's a telltale sign of a scammer. If the caller won't take no for an answer, just hang up.
  • Why are they asking for sensitive information? Don't provide or confirm sensitive information if you're not sure of the caller's identity. If the caller claims to represent a specific company you do business with, hang up and call the number posted on the company's website to verify that the caller's request is legitimate. If so, make sure you understand why the business is asking for confidential information before providing it.

Be cautious when providing sensitive or confidential information over the phone, or you could lose thousands of dollars — or your job, if you put your business at risk of a security breach — and then you definitely won't be going on any beach vacations!

Report Suspicious Calls to FTC Officials

Or should we say ophishals? The FTC wants to hear about any scams that happen to you. The agency even took two companies to court after they attempted to call people on the DNC registry and sell them fake warranties.

By following these tips and utilizing these resources, you can thwart vishing attempts. Have you heard of any other vishing scams occurring recently? Let us know in the comments.