Outsmarting vishing: Balancing emotions and logic for protection

Cybercriminals use emotional manipulation to overcome vishing victims' common sense and cybersecurity training.

Most people can spot a spam email and robocall immediately, but bad cyber actors can talk even the most tech-savvy individuals into handing over cash and sensitive information over the phone. (Credit: Fran Rodriguez/Adobe Stock)

Fraudsters are excellent at adapting to new technologies and finding workarounds to exploit the system for monetary gain. They swindle homeowners after severe weather storms cause property damage and jump in on car accident claims with false injuries. These criminals are hard, though not impossible, to spot in person, but over the phone? They can assume any authoritative identity and fool even the most tech-savvy people.

Over 4,000 ransomware attacks occur every day, according to the Federal Bureau of Investigation (FBI). Cybercriminals target inboxes and cellphones to obtain personal information with predatory emails and text messages, like the USPS tracking text scams, but these cyber scams can take many forms.

Perils of vishing

Employees and policyholders may fall for this type of fraud even if they are well-versed in cyber scams. In February, a financial writer for New York Magazine detailed her hours-long ordeal that ended with her putting $50,000 in a shoebox and placing it in the back of a Mercedes. A South Korean vishing victim surrendered $3 million to cybercriminals after bad cyber actors impersonated local law enforcement; that is the largest amount ever stolen to date.

The key to vishing success is not technology but emotional manipulation. These cybercriminals combine psychology and technology to terrorize anyone who answers the phone. In the case of the New York financial writer, the scammer knew her social security number and family members’ names and that her toddler was playing inside the house—a threat any parent would take seriously.

Vishing scams rely on fear to propel the victim into action, putting them in a place where emotions outweigh logic. Bad cyber actors know how to manipulate victims into believing they must follow the caller's instructions, without seeking outside help, to keep their freedom, bank account or something else.

Avoiding vishing

Insurers should train employees and educate policyholders on how to spot vishing red flags and what to do if they suspect a call is fraudulent. The best way to avoid vishing is not to answer a phone call from an unknown number. However, fraudsters can also spoof local numbers so that the call appears to come from the police department or a coworker. If the person on the line claims to be an officer or a colleague of a colleague, it’s best to hang up and call the phone number listed for the department or confirm with the original colleague. Don’t call a phone number provided by the vishing actor. Employees should contact the corporate security team immediately if they receive a suspicious phone call.

“When it comes to looking at telltale signs that people are being scammed by a voice call, the main question to ask oneself is whether this is a usual method through which they would be contacted, is the person on the other end of the line asking them to do something that is out of the ordinary, is there a sense of urgency, and does it trigger a strong emotional reaction?” Javvad Malik, lead security awareness advocate at security firm KnowBe4, told Dark Reading. “If so, then it’s most likely to be a scam.”

Vishing actors typically make every effort to seem legitimate, providing claim numbers and badge numbers. They get agitated and angry when the victim starts asking logical questions, and that’s where the house of cards may start to fall.
