What Is Vishing?
When someone emails you, cleverly pretending to be your bank or employer requests a response with your personal or sensitive information, this is called phishing. When the same process is done over a telephone system or Voice over IP (VoIP), it is called Vishing. I briefly touched on the fact that using Voice over IP would be cybercrime of the future, and with the rise in consumers using VoIP and the ease of access of VoIP, it's becoming less and less a cybercrime of the future and more of a cybercrime of the present.
In phishing, the scammers might want you to simply reply to their email with your details or they would send you a link to a fake website where you are requested to type your details in a web-form. In the case of vishing, what scammers commonly do is call random people (most commonly through VoIP) and leave an automated message saying that your credit card or band account has been compromised, used up, or closed. Those who are left a message are also given instructions to call a number to get more information about this. When people call the number, they hear an automated message asking them to dial in their credit card detail, even their PIN, expiry date and DoB. After this is done, the person is either put on hold or a "representative" speaks to him while the scammers makes good use of this time to misuse the credit card. Other information they can try to steal from you is more personal information such as your social security number. In the interest of safety, they may ask that you enter your social security number for verification purposes, which they can use for identity theft.
In another version of vishing, the scammers call people and speak to them live. Often, the scammers already have some personal information on you i.e. your credit card number or bank account number. They will inform you that your credit card has been misused so it must be blocked or cancelled. They will say your credit card information they have and will tell you that before they can block the card, they need to confirm that you are the genuine owner of the card and therefore ask you to give the remaining information they need.
Criminals often give out their phone numbers and it might seem easy to track them. The to-be vishing victim will also be able to see the caller's ID but criminals are very clever. They can disguise the number they are calling from, foiling caller ID and in some cases the VoIP number belongs to a legitimate subscriber whose service had been hacked. So the 1-800 number you get the call from is a legitimate number, but the source has been compromised by hackers and most likely sold to the vishers.
Vishing scam can seem very real because they often come with warnings about not disclosing your personal information to your friend, colleagues, etc. This may make you feel that the call or voicemail was legit and the company is interested in protecting your assets. Vishers are usually fairly trained in the art of social engineering, mainly pretexting. They're able to fool you into thinking you're safe and that the call is legitimate.