One of the ways most used by cybercriminals to defraud us is through phishing, an attack that consists of sending an email pretending to be our bank, parcel delivery company or any other company. Its objective is to steal both our personal information, as well as usernames and passwords of our main bank accounts, credit cards, etc. However, there is another dangerous attack called Vishing , and it consists of doing the same thing but using phone calls instead of emails. Today in this article we are going to explain everything you need to know about this attack to scam you, how to detect it and what you should do if you have already been a victim.
What is vishing
Vishing is a variant of the typical Phishing attacks that we receive by email, and that often go directly to the spam folder due to the filters of the main email providers such as Gmail, Outlook or Yahoo!. Although the form of attack changes, the objective of Vishing is the same: to obtain personal information by deceiving the victim, be it our private information, access credentials to our online accounts and even directly to our bank account. This type of attack could also steal the debit or credit card, to later make payments with our own cards.
Vishing uses phone calls to deceive us , we can receive these phone calls both on our home landline phone as well as on our mobile phone. When they call us they will pretend to be utility companies such as electricity, gas or water, they will also pretend to be our bank to steal our bank account and they can even pretend to be our own home telephone and fixed Internet company. Today these attacks are aimed at stealing both our personal information and our money, so we must be very careful.
With the popularity of online shipments, since every time they make more purchases through the Internet, cybercriminals can also call you pretending to be Correos, Seur and other parcel companies , with the aim of obtaining very valuable information from us, and even directly asking us that we have to pay customs to be able to dispatch the shipment, and even that we have to pay something additional for the shipment to reach our home. Therefore, we must pay special attention to all calls made to us of this type, asking for our private information.
In this type of attack, it is also possible that they incite us to install some type of program or app on our smartphone, and it is even possible that they incite us to enter an illegitimate website that pretends to be a real website, for example, from our bank, therefore, we should be very careful and pay close attention to these types of calls.
How to detect and avoid it
This identity theft attack from a real company aims to steal personal information, our bank access credentials, and they will even want to steal our debit or credit card. Depending on the type of call we receive and what they ask us for, we have different ways of detecting it.
If they claim to be our bank
This is one of the most dangerous calls that can be made to us. If we receive a call pretending to be our bank, we must be extremely careful before providing them with any of our private data, let alone user credentials or credit card information. The objective of these calls is to steal the username and password to access digital banking, and also our debit or credit cards, so they could steal money from us.
When we receive a call like this, we should never provide username and password information to access digital banking, even if the caller tells you that they need that information to access your account and perform some action. Banks already have all the necessary information by simply providing the customer’s DNI, through this identifier they will be able to access your account and carry out any action, without you having to provide anything else. If they call you, they will ask you to identify yourself with your name and surnames as well as your ID, on some occasions they will also ask you for your date of birth, but they will never ask you for your account access codes or debit card numbers. or credit.
It is very important to distrust the person who calls us at first, and not provide too much information until we are sure of the reason for the call and if this call makes “sense”. For example, if we have an open incident at the bank and we are waiting for a call, it is logical to think that it is legitimate, but you should buy it just in case it is not.
Logically, if the person who calls us is our personal manager of the bank that we already know after having spoken with him on other occasions, then we can lower our “guard” and trust, because we know reliably that he is a bank employee and is our manager. .
If they impersonate our operator
If they call us pretending to be our operator, this is usually due to two reasons:
- It is a competitor operator, and they want to “steal” a customer from them. Therefore, they could deceive you by saying that they are going to raise your Internet rate, and right after that they will call you from the competition. This type of attack is very typical in commercial operators.
- They want to obtain details of your bank account or credit card, in order to steal money from you.
In the first case, you must know how these calls proceed and avoid being deceived. If you really have not had a rate increase on your mobile bill, then you should not pay much attention to this call, especially if you receive a call from the competition right after.
In the second case, the operator will never ask you for the bank account for the receipts, because they already have it when you signed up. Of course, they will not ask you for credit card information either, because they already have your bank account to give you the receipt for the current month. In this case, whether it is a bank account or a card, the objective is to steal money directly and you must avoid these calls.
If they claim to be from the electricity, gas or water company
If they call us pretending to be our electricity or gas company, and even the water company if there are several companies that take care of it, it is due to the same reasons as in the previous case:
- The competition wants to trick you into switching to their electricity, gas or water rates.
- They want to obtain sensitive information such as payment information (bank account and cards).
Personally, the first case has happened to us, a company that pretends to be the current company and tells you that they are going to offer you a very important discount on your bill, and then when you continue talking and making the voice recording, they tell you that they will go to another electricity or gas marketer. This is clearly an attempted scam by the salesperson who called you.
In the second case, they will try to get bank information and cards in order to steal as much money as possible.
If they encourage you to enter a website or download something
If the person calling you is encouraging you to enter a website or download a program, you should be completely suspicious and never install any program or app that they tell you. In case you install this type of malware, you might have a banking Trojan to steal all your credentials or any other private information like email credentials and more.
Although a website may seem legitimate from our bank or Internet company, today it is very easy to clone a website and modify it to steal all the data entered. You should know that as soon as you enter the information, for example, a username and password, cybercriminals will have this information to access your accounts directly.
What to do if we have already been victims
If we have been victims of this phone scam, we should review what information we have given to the person on the other end of the phone. Depending on the information provided, we will have to take some actions or others to protect ourselves.
If we have given you a username and password for our digital banking, we must enter our account as soon as possible and change the access password. If it is no longer possible to access, then you will have to call your personal manager or the bank’s customer service as soon as possible, so that they block any movement of the bank account and reset the access codes. Once the manager or the bank has done this, you should also check if you have any outgoing transfers or account charges of any kind. Of course, if money has been stolen from you, you will have to notify the bank and file the corresponding complaint at the Police Station.
If we have given you our debit or credit card, what we must do is block them as soon as possible through the mobile app or through digital banking via the web. In this case they will have made a charge or they will have subscribed us to some Internet service to charge this card, therefore, we must cancel this card as soon as possible to avoid major problems.
In the case of having been deceived and they have changed our electricity, gas, telephone or water company, you will have to contact your current company and indicate that you have been deceived, so that they stop any type of portability or transfer from one company to another. . This case could be quite problematic because they will have made a voice call to confirm the portability, but if you realize it in time you can avoid being transferred to that other company that you do not want.
As you have seen, Vishing is a very dangerous attack that consists of tricking the victim into providing private information to cybercriminals.