Vishing: unwanted telephone calls
24/03/2020
These days of quarantine can be used by cybercriminals to access your accounts. This is why we wish to explain what the technique known as “vishing” is in our series “Protect yourself against fraud”. The term is a combination of “voice” and “phishing”.
Vishing is a form of fraud that aims to obtain personal and bank data via a phone call, deceiving the victim by impersonating a trusted third party. We describe below a few real cases to illustrate what we are talking about:
- Computer technician scam: under the pretext of cleaning your computer of virus, they ask you to pay a small amount through a platform that records your bank data. They then request to take control over the infected computer to access your online banking and perform transactions in your name.
- Bank employee: you are told that somebody is making a fraudulent (and fictitious) transaction with your card and they request your card data. While they are talking to you, they are making actual purchases online and they ask you for the one-time passwords (OTP) you are receiving via SMS, making you believe that they are passwords required to cancel the false transaction.
- A telephone company employee tells you that they have overcharged you by mistake and requests your banking data to pay back the difference into your account.
- Persons interested in products listed by you on second-hand sale websites. Claiming to expedite payments, they ask you for your bank card number.
What should you do to protect yourself from these attacks?
- Use your common sense. Would you give your home address or your card number to a stranger on the street? Of course not. Do not give anyone your account or card details over the phone. Do not give personal information or reply to requests you have not made or initiated. Legitimate companies already have your personal details. They do not need to ask you for them again, much less by phone. Become familiar with the data your bank does ask you for, such as a specific position or positions of your access key.
- If a call seems suspicious, just hang up. Look for the official number of the company and call them to verify what happened.
- Jot down the number to recognise it if they call you again.
- Do some research on the internet to see if there are other victims who have published information about the scammer’s modus operandi.
- Install an app on your mobile to block unwanted calls and spam. Some of these apps are shared by a close-knit community that reports each new case and keeps an updated blacklist of telephone numbers.
- Report the incident to the Police, the Civil Guard or the courts.
It is also possible for scammers to combine several techniques to achieve their goal. For example, they can send an SMS which includes a telephone number to cancel a fictitious purchase or a link to a false website. We suggest that you sign up for the security alerts of the Security Agency for Internet UsersAbre en ventana nueva (OSI, by its Spanish abbreviation) to remain up to date.