What is vishing?
The word ‘vishing’ is a combination of ‘voice’ and ‘phishing.’ Phishing is a form of social engineering and is the practice of using deception to get you to reveal personal, sensitive, or confidential information. The information is then used by the fraudster to impersonate the victim with the aim of obtaining goods that can quickly be converted to cash (mobile phones, vehicles, credit).
Cold callers may claim to be from your bank, pension advisory service, government department, computer software organisation, health service, mobile phone retailers or your internet service provider.
An example of vishing:
You receive a call claiming to be from a mobile phone retailer. They advise you they have plenty of excess stock and as a result are able to offer you an incredible deal on a top range product. The company does not sound familiar to you but their offer is too good to miss out on! You state what mobile phone and plan you would like and proceed to pass on your personal information as you are eager to get your account set up and receive your new phone. The delivery arrives but you notice that the package has not come from the company you were dealing with. You also notice that there are two phones, neither of which you have ordered. The company you were dealing with has provided you with a returns address in case of a mistake like this, so you dutifully return the mobile phones. You never hear from the retailer again, they have used your own details to defraud you, having gained them via Social Engineering.
Have you been the victim of a Social Engineering attack?
- You should always question unsolicited calls, texts, social media messaging or emails requesting your personal or financial information (name, address, bank details, email or phone number). Instead, contact the company directly using a known email or phone number. i.e. not the number provided by the unsolicited caller.
- Resist pressure - legitimate companies and charities will be happy to give you time to decide. It’s probably a scam if they demand that you act immediately or won’t take ‘no’ for an answer.
- Document the time of the unsolicited contact, the name of the person contacting you and the contact method i.e. telephone numbers or email contact details. This will help you to verify if the contact was legitimately from the company the caller purported to be.
- If you have been a victim of fraud, call Action Fraud on 0300 123 2040 or visit www.actionfraud.police.uk *. Action Fraud is the reporting centre for fraud and cybercrime in England, Wales and Northern Ireland. Reports of fraud and any other financial crime in Scotland should be reported to Police via 101. However, if debit cards, online banking or cheques are involved in the scam your first step should to contact your bank or credit card company.
- You can avail of blocking facilities that will help to keep you secure such as Call Line Identity (CLI) Blocking is a common feature on most modern day handsets or can alternatively be provided with the assistance of your Telecoms provider.
*These links to external sites are provided as a courtesy and we are not responsible for the content of these sites or any problems encountered whilst applying these steps and we are not able to provide any technical support for such problems.