Stealing money and valuables from people is as ancient as the human civilisation. And thieves have been perfecting their craft by developing new tools for their times. In the digital era, as people move online, cybercriminals have deployed new tools to steal personal information and money from gullible victims. The latest device in their tool kit is ‘vishing’.
(Sign up to our Technology newsletter, Today’s Cache, for insights on emerging themes at the intersection of technology, business and policy. Click here to subscribe for free.)
Vishing attacks are slightly more sophisticated than the well-known phishing attack. In phishing attacks, perpetrators fraudulently send emails purporting to be from reputable companies in order to induce individuals to reveal personal information. The additional layer in vishing is the voice component.
These attacks usually begin with an email from the perpetrator asking the victim to follow a link to access a site or cancel an order. But unlike phishing, these emails will ask the person to immediately call a customer support number given in the email. And in that call, cybercriminals will try to extract the caller’s personal details and bank account number using various methods.
Cybercriminals may even use a video on TikTok to steal bank account details. On the short-video platform, in a popular prank video, people call their friends using an automated answering machine voice to tell them that a large amount of money is about to be debited from their account. This has gone viral.
The scale of vishing attacks
Cybersecurity firm Kaspersky’s experts warn that this trend is a vishing attack, and is actively used by cybercriminals to steal information. The team detected almost 350,000 vishing emails that between March to June, asking victims to call in and cancel a transaction. In June, the number of such emails increased to nearly 100,000. Kaspersky team notes that this trend is only gaining momentum and is likely to continue growing.
The only difference between the TikTok prank video and a real vishing scam is the email. The prank video publishers do not send fraudulent email, and they are not in this for money. “Their goal is a show, not money,” Kaspersky said.
The use of voice in a phishing scam is said to give the perpetrator an early advantage. That’s because when victims talk on the phone, they are usually distracted and find it more difficult to focus. During such situations, cybercriminals throw them off balance by rushing or intimidating to urgently provide credit card details or other personal information.
“When people encounter scam calls in real life, they are often affected by multiple circumstances at the same time,” said Roman Dedenok, security expert at Kaspersky. “Such a call can catch them off guard, while their head is full of other things and they can’t clearly assess who is on the other end of the call – a prankster, a fraudster or a real bank security specialist,”
To ensure that you do not become a victim of a vishing attack, check sender’s address, look for typos and grammatical errors, and consider the type of information requested. And always be wary of any email that creates a sense of urgency. These tips will keep you in good stead even as cybercriminals continue to perfect their craft.