The practice of Vishing has been around for many years. Vishing is the act of using the telephone in an attempt to scam the user into surrendering private information that will be used for identify theft.
SiteTakeDown is equipped with tools, processes and personnel that are highly trained to help our customers identify Vishing attacks. Any enforcement or takedown process would typically involve our experts liaising with your legal team, the local law enforcement agencies along with the carriers or telecom providers who are responsible for the telecom services used in the attack.
The scammer usually pretends to be a legitimate business. Over time, consumers have become complacent about sharing personal information with companies over the telephone that they perceive to be legitimate. The criminals seize on this opportunity to elicit information or influence an action by offering inducements such as tax refunds or rebates from service providers. In any of the examples you might imagine, the consumer ends up losing money and the innocent brand implicated in the attack has their reputation tarnished.
All of the unsolicited calls to the general consumer are inevitably going to involve someone impersonating your brand. All this is a criminal activity and your company and brand are innocent bystanders in the abuse of your brand. This will often occur silently until one of your valued customers brings it to your attention or posts it to a forum that you can see and take action on.
Common Vishing Techniques
This is when the criminal uses an automated system to call specific area codes with a message involving local or regional banks or credit unions. Once someone answers the phone, a generic or targeted recording begins, requesting that the listener enter bank account, credit or debit card numbers along with PIN codes.
Caller ID Spoofing
This is the practice of causing the telephone network to display a false number on the recipients’ called ID. A number of companies provide tools that facilitate caller ID spoofing. VoIP has known flaws that allow for caller ID spoofing. These tools are typically used to populate the caller ID with a specific bank or credit union, or just with the words “Bank” or “Credit Union”.
Social engineering is a fancier, more technical phrase for lying. Social engineering (or social penetration) techniques are used to bypass sophisticated security hardware and software. The automated recordings used by criminals tend to be relatively professional and convincing.