Sounds Phishy – The Rise of Vishing Scams

Broad awareness has been made about cyberattacks in the form of phishing that typically use email messages to lure victims into divulging sensitive information or opening a link that allows malware to infiltrate their device. Companies have learned how to combat phishing by training employees to recognize such scam attempts and report them as phishing to protect their organizations. “Vishing” is another tactic used by scammers that, while less familiar, is no less invasive and dangerous.

Vishing, a term that comes from the combination of the words “voice” and “phishing,” tricks victims into providing personal information over the phone. Vishing scams convince victims to provide passwords, social security numbers, bank account information and other personal data to callers pretending to represent an organization that requires sensitive information, such as a governmental authority or the victim’s financial institution or utility company.

In order to appear as if they are legitimate, vishing scammers use local area codes and text message prompts to cover their tracks. Oftentimes a vishing attempt will try to persuade the victim to act quickly in response to a (falsely) urgent situation such as a lost child, medical emergency, or once-in-a-lifetime opportunity. These attempts can target hundreds of phone numbers at once, casting a wide net of potential victims, including employees that could provide unintended access to corporate computer systems…