The progress of technology has allowed us to do things that were impossible in the last few decades. We now have access to the Internet and its capabilities, like instant messaging and video calls on smartphones. We are even seeing the rise of artificial intelligence and its use cases.
However, along with this technological revolution, sinister operatives, like hackers, scammers, and fraudsters, have also adapted and upped their game, as they are now using new technology to victimize people. Unfortunately, not many regular people are well aware and educated about what’s happening.
Some, like older people or non-techies, do not even know that scamming through your phone is possible, so they often fall victim to these people.
One of the newest ways of scamming people is through an illegal activity called vishing.
Table of Contents
- What is Vishing?
- Vishing vs. Phishing vs. Smishing
- How does Vishing work?
- Common signs of Vishing
- How to avoid becoming a victim of Vishing
What is Vishing?
Vishing, short for voice phishing, is a type of social engineering in which a fraudster or cybercriminal in disguise calls you using an unknown cellphone number in an attempt to obtain your personal or financial information.
They would call you pretending to come from reputable institutions and companies, such as banks and government agencies, hoping you would share your login details, account numbers, and credit card details, like your card number and CVV.
Vishing vs. Phishing vs. Smishing
Some of you might be surprised to learn that the Internet, cellphone calls, and texts can be tools used by various social engineering schemes and tactics. These schemes now use more sophisticated approaches and strategies that can trick even the most careful people, much so to the uninformed.
Before diving deeper into vishing, it’s essential to differentiate it from other common scammer strategies because there are several of them, such as phishing and smishing. Here’s how they differ.
- Phishing – this is the more generic and most common approach in social engineering, where attackers will send fraudulent emails or use fake websites to steal your personal and financial data. Some phishing attackers are also getting better and better in tricking people to input confidential information.
- Vishing – as mentioned earlier, fraudsters use phone calls instead of emails to encourage you to share your vital personal and financial information.
- Smishing – this is similar to vishing, but instead of calls, it uses text messages or SMS. It’s a good thing that we’re no longer texting as much as before, but the risk still remains because the SIM Registration law doesn’t seem to deter scammers from using smishing tactics.
- How the “I’m not a robot” CAPTCHA test actually works
- Getting unrequested verification codes? Your accounts might be in danger
- Is your password exposed in a data breach? Here’s what you should do
- How to spot fake product reviews on the internet
How does Vishing work?
The scammers using a vishing tactic will often impersonate or pretend to be a representative of banks, government agencies, or even delivery riders. Some of the common tactics for implementing vishing include pretending to be:
- a bank employee or representative offering bank promos, like waiving your credit card fees or converting your reward points to cash. It’s enticing, but it’s a red flag.
- a government representative giving out financial assistance or “ayuda” in exchange for some personal details.
- a delivery rider telling you there’s an incoming parcel delivery even if you’re not expecting any.
According to PLDT, impostors and fraudsters have also started using generative artificial intelligence (AI) to create life-like voices, even of your loved ones, to gain your trust and avoid suspicions. However, you must not give your information quickly.
My personal experience
Here’s my personal experience with scammers using vishing tactics. I remember someone pretending to be a bank representative for BDO was calling me about a special cash-back promo for BDO credit cards for a select few clients. The scammer was a woman and was very friendly. Luckily, I don’t have a BDO account, much less a credit card, so I immediately dropped the call and blocked the number.
I noticed they used general details based on a well-written script or spiels for popular companies to lower our guards and make us vulnerable, like how they pretended to be from BDO. I then thought, what if I had a card from BDO? The call would have lasted longer, and I may have been victimized.
Common signs of Vishing
Like most scams, there are always tell-tale signs that can give away the scammer and their motive. All these tactics also involved some common characteristics like:
- Using an unknown number – you can immediately see the attackers calling you from an unknown or unverified number, but they may know your name. From my previous experiences with banks, they don’t usually contact me through calls but via emails or registered numbers.
- There’s always a sense of fear or urgency – like in my experience, the attacker tried to entice me into the call by using special promos for a limited time, so you would hurry up and think less.
- They know your name or other basic information – I’m not sure how they do this, but they sometimes know your name and number, which is probably stolen, scraped, or bought somewhere on the Internet or websites.
- They ask you about various information, accounts, or card details – in between telling you about the limited-time offer of the promo, they also ask for some personal information, which they can use to access your other accounts. Other times, they want you to share your credit card information.
Knowing these common signs will help you be more careful about what you share over the phone, even if it sounds legitimate. Remember, scammers are adapting faster than most of us.
How to avoid becoming a victim of Vishing
Sometimes, we think it’s impossible to be a victim of financial scams like vishing. But because of the Internet and easy access, you’re always one step closer to becoming a victim than ever before, so you can’t relax, especially while talking with someone you don’t know.
Here are some things you should never share over the phone to avoid being a victim of vishing.
- Never share personal information unrelated to the query or the purpose of the call, such as your birthday, middle name, and ID numbers. Unless you are the one calling, you must be careful not to share personal information, especially if it’s unnecessary.
- Never share unnecessary financial details, such as your credit card account name, number, and CVV. Legitimate bank representatives never ask for your full credit card number and CVV.
- Never share your OTP with anyone, especially over the phone. Your one-time pin (OTP) is your last defense against attackers who gain access to your credentials. And if you still don’t use two-factor or multifactor authentication, you should.
- Ask the caller to provide details, such as his name, company, and contact information, for further verification.
- Always use the appropriate avenues and platforms when contacting your bank and government agencies. You may email their registered email address or call them directly to their hotline numbers.
- Be skeptical of unknown callers – since attackers using vishing use mobile phones to call unsuspecting people, it’s our role to be more skeptical about unknown callers. You can ask some questions or ask for identification before proceeding.
- Educate users – lastly, it’s crucial to educate everyone using a mobile phone about the dangers of vishing, especially the elderly. Always make them remember to never share personal and financial details over the phone.
Important: Always remember that legitimate banks, companies, and government agencies will never call, text, or chat with you asking for your personal and financial information, like account name and number, credit card information, and financial requests.
Vishing is another newer scam tactic, but its purpose is still the same—to defraud you of your financial or personal information for their gain. The best way to avoid being a victim of vishing is to know the red flags and protect your details. When in doubt, always err on the side of caution.
Have you experienced vishing? Please share them in the comments below.