Something Is “Vishy” Around Here…
Don’t Be Fooled By an Unexpected, Yet Seemingly Legit Phone Call
By Jeremiah Matthews
You are at home on a weekend when your iPhone rings. According to your caller ID, it’s an Apple store. That seems legitimate, so you answer the phone. The caller identifies himself as an Apple Support employee and informs you that your iCloud account has been compromised and must be repaired. You are directed to a website that will allow them to correct the problem remotely.
Careful! You are about to become a victim of vishing.
Vishing is a term derived from “voice” and “phishing.” Like phishing, the better-known practice of scamming consumers via email, vishing scammers seek access to financial information such as credit card numbers and bank accounts, as well as personal information used in identity theft schemes. Given growing public wariness of email phishing scams, vishers exploit consumers’ lingering trust in telephone services.
Vishing is a form of social engineering, a malicious methodology that relies on personal interaction and psychological manipulation to trick users into making security mistakes or disclosing sensitive information. Vishers typically pretend to represent a trusted institution, company, or government agency.
How do they do it? Some scammers use “caller ID spoofing,” a practice that allows them to display the number of a legitimate business on the caller ID. The caller typically informs you of an urgent matter such as suspected fraudulent activity on your bank account, or overdue or unpaid government taxes. Fake computer tech support, such as offering to remotely access your PC to correct a problem, is another frequent tactic.
How can you protect yourself from this pernicious cyber-scamming?
- Be aware of vishing scams. If you are a small business owner, make sure that your employees are aware as well.
- Never believe that a company will call out of the blue to repair your computer remotely. It just doesn’t happen.
- Always be skeptical. Don’t trust caller ID. Just because your caller ID displays a phone number or name of a valid company does not mean the call is legitimate.
- Ask questions. If someone requests your personal or financial information, ask them to provide verification of their employment with a legitimate company.
- Hang up and call the vendor yourself to verify. Look up the company’s customer service number and call that number rather than the number provided in the solicitation call.
- In short: Be just as suspicious of an unsolicited phone call aimed at repairing your computer as you would be of an e-mail asking for personal or financial information.