With electronic communications such as email and text so popular, you have probably been told by your employer to look out for phishing attempts. If you are unfamiliar with phishing schemes, they are when scammers pretend to be someone you know and send you an email or text, asking you to click on a suspicious link or attachment to gain access to your data. To combat these attacks, your organization may have trained you to always think twice before acting on an email and to delete or send it to IT if anything appears suspicious. These are great and welcome practices, but what about when a scammer calls you directly?
Although landlines have become outdated, and mobile devices have settings that do their best to block scam calls, criminals are still using phone attacks to gain access to your money and data by impersonating others. These attacks are called voice phishing, or vishing.
How can you detect if a call may be a vishing attempt? There are 4 main ways to tell, often called the 4 Ps of vishing.
Pretend
The phone scammer pretends to be someone whose instructions you might normally trust, like an IT support worker, an authority figure, or someone calling on behalf of a family member in trouble. If the request is unexpected, don’t be afraid to tell them you want to confirm with another trusted contact and hang up!
Problem Or Prize
The unexpected caller states that you or someone you care about has a problem or is in trouble. For instance, they may inform you that there’s a virus on your computer that needs to be removed, a distant family member needs money, or it could have a positive spin like you won a lump sum of money or won a big prize. If the request isn’t adding up or seems too good to be true, it probably isn’t.
Pressure
In most cases, there’s a deep sense of urgency on the call with a phone scammer. They will lie and convince you that action must be taken now, or else. The caller may even threaten you to strike fear into the conversation. On the reverse side, they may approach the urgent situation in a helpful manner and try to walk you through the actions they want you to take. No one on the phone can make you act. If urgent tasks are requested, it is most likely a scam.
Payment
You may be asked for random payment as part of the phone call. Usually, scammers want you to pay them in ways that can’t be refunded or tracked easily, such as with cash, a gift card or even a wire transfer. For instance, they may request you to make a $2,000 payment on behalf of the scammer and in return they will send you a $2,500 check and that you can keep the change—only for the check not to clear after the fact. If a payment method seems odd or non-sensical, it may be a vishing attempt.
Handling Potential Vishing Attempts
To be 100% safe, it’s always best to avoid answering an unexpected call if the caller is not listed as one of your trusted contacts. If the call is legit, they will leave a detailed voicemail explaining their reasoning for the call.
If you do answer the call, and it’s an automated message that’s unfamiliar—hang up. Avoid interacting with it, pressing any keys or responding.
If the call isn’t automated and appears to be from a business or other establishment, hang up and use the number on the organization’s official website to confirm the call’s legitimacy. If on any random call, the caller begins demanding money or wants you to pay them with a gift card, it’s a scam.
At BerganKDV, we partner with clients to establish training and protocols that combat fraudulent attacks like vishing and phishing. Our team provides insightful resources and advisory so that businesses can develop cyber strategies that reflect the unique needs of their operations and keep personal data secure.
If you are curious to see a high-level view of how your cybersecurity measures compare to others in your industry, you can take our free mini-security assessment here. From there, if you are interested in learning more about cybersecurity best practices and effective ways to keep your data and network safe, contact us today and we’d be happy to discuss our security solutions with you.