News

Vishing: learn how to identify the scam and ways to protect yourself

Deepak GuptaMay 20, 2022
0

According to a survey carried out by the German consultancy Roland Berger, Brazil is among the 10 countries in the world that most fell into virtual traps in 2021. The country occupies the 5th position, and only in the first quarter of last year were recorded more than 9 million cases.

Recent research such as Panorama Mobile Time/Opinion Box point out that 17% of Brazilians with smartphones claim that they have already had their personal information used in scams or fraud. In addition, just last year, more than 150 million people were victims of phishing in Brazil.

Image: Panorama Mobile Time/Opinion Box

In this context, what we can do is work on ways to protect ourselves and be more and more attentive not to fall into these traps. After all, this is a topic that we need to be constantly updating, as the more technologies advance and new digital resources emerge, the more criminals find new ways to try to benefit from attacks through social engineering.

Furthermore, this issue is also permanent due to the fact that, regardless of the means used, scams deal directly with people. Therefore, there will always be some fragility gap in which criminals can focus directly to try to take advantage.

That’s why I couldn’t help but talk about vishing: a type of scam that unites the techniques of phishing with voice features.

To help you identify this threat, I have separated in this article the main characteristics, some examples of situations that can be immediately recognized as a scam and, of course, the main ways to prevent it.

How to recognize Vishing?

In this type of scam, criminals appeal to emotional aspects, seeking to bring fear, concern or even euphoria. That way, in the middle of a moment of vulnerability, you may end up passing some data without thinking too much, just to try to resolve the situation as quickly as possible.

Some examples are:

  • Job offers in which you have been selected;

  • Lightning kidnapping of a family member;

  • Request for financial help from someone you know;

  • Call centers of alleged companies talking about pending payments; offering credit cards or even the redemption of a prize in which you were drawn;

  • Bank managers contact you to report any suspicious movements in your account.

Criminals contact you through phone calls, or send messages via WhatsApp, SMS or email with phone numbers so you can call and check for an emergency situation. Thus, they seek to steal other punctual data such as card security codes and passwords, in order to, then, bring a financial loss.

WhatsApp open on smartphone

Image: Christian Wiediger/Unsplash

To carry out the scams, criminals can also use personal information that was released in large leaks and, therefore, can access data such as your phone number, name, CPF and even address. If you want to know if any of your information has already been leaked, some sites already offer resources for you to verify your data, such as Have I Been Pwned, which shows if any email addresses or passwords have been compromised. The Central Bank of Brazil also has the registrationservice to find out what banking, exchange and Pix transactions were performed with your data.

All these situations can happen with a personalized format, really trying to convey a certain veracity of the information. For example, emails can be formatted similar to an official company email, with logos and a domain similar to the original. While the calls made can use IVRs (Automatic Answering Units), music on hold, and even background voices of some “attendants” working to simulate a real call center. The technology is so advanced that it is even possible, with an audio sample of the victim’s relative, to emulate their voice to make a kidnapping scam, for example, even more legitimate.

However, criminals do not even need very advanced technologies to execute the scams, since at most, with your contact, they can try to extract other data from you if you are not careful.

Ways to avoid falling into Vishing

The main fact is that it will be up to whoever is receiving this coup attempt to have the perception and discernment not to proceed with the initial contact. In this sense, some tips may be essential for you to prevent yourself:

  • Seek to be aware of the existence of scams — the first step is to be alert and seek current information about what is happening. Disseminating the existence of this type of scam is essential for you to know how to identify, prevent yourself, and also help other people around you so that they do not become victims. So why not share this article with someone you know?

  • Be suspicious of calls and don’t passively accept anything – if someone has contacted you asking for some information about you, even if it seems like an emergency, always seek to take control of the situation. Ask why the person needs that data, the reason why they need to confirm it being that theoretically, by having your contact, they already have the information. You will find that many criminals may even contradict, start talking slang or get nervous when they realize you won’t budge.

  • Search for official numbers — if you have received a text message asking you to contact an alleged company, search the internet for the number on the institution’s official website to verify that it matches what you have informed.

  • Confirm the information that is initially passed — know that sensitive information such as passwords and account numbers are not requested by companies or bank agencies, much less, for you to actively contact to pass or confirm it. In addition, if you come across a situation that involves someone you know, such as the lightning kidnapping example I mentioned earlier, try to first get in touch with that person, and if possible, even make a video call with them to make sure that it’s okay.

Some other post-contact actions can also be taken. For example, I suggest you take the phone number used in the scam, block it on your cell phone, and add it to websites and apps that maintain block lists for them. I do not recommend any kind of retaliation or threat, as it is not possible to know what kind of criminal you will be dealing with on the other end of the line.

Regionally, there are also cybercrime police stations, which can be contacted to report scams suffered in an online environment. In 2012, the Law No. 12,737which typifies computer crimes as a crime and can support your complaint.

If you cannot find a police station for digital crimes in your state or municipality, you can file a report on the police website or at the nearest police station so that the situation is investigated in depth.

Vishing: learn how to identify the scam and ways to protect yourselfDaniel Barbosa holds a degree in Computer Science from the University of Santo Amaro (Brazil) and a postgraduate degree in Cyber ​​Security from Daryus Management Business School (Brazil). Since 2018, he has been an information security specialist at Eset.

We have other articles that may interest you:
  1. Samsung launches even smarter Smart Monitor
  2. The textile sector hopes that 2022 will be the year of its recovery
  3. Atari celebrates 50 years with NFT lootboxes
  4. James Gunn is working on a new spin-off
  5. The foldable screen MacBook, soon a reality at Apple?
  6. Olson is born, the home appliance store with a different sales concept
Deepak GuptaMay 20, 2022
0

Related Articles

how to (finally) stop procrastinating in 2022?

January 13, 2022

New multicloud connectivity management tool, the latest digital solution from F5

March 28, 2023

LG introduces the 32SQ730S-W and 32SQ780S-W monitors

February 24, 2023

The number of Spanish entrepreneurs multiplies by five since 2015, according to a report

October 18, 2021

Leave a Reply

Your email address will not be published. Required fields are marked *