In the current time of technology, Vishing attacks are becoming more commonplace. Vishing is a cyber-attack conducted by a phone call to trick the victim into providing private and sensitive personal information. These attacks may seem to be antiquated however they are often conducted with great detail and success. The attacker can often seem sincere and professional, allowing you to feel comfortable during the attacker’s plans. These attacks can often be easily detected and avoided by following the guidelines provided below.
What is a Vishing Attack?
Similar to an e-mail phishing attack, a Vishing attack is an attempt by an attacker to gain private and sensitive personal information. These types of attacks are not as common as email phishing campaigns but are much greater in complexity and skill level. The attacker will often research information online by way of social media, company websites, or personnel databases for information to get started with their attacks. A campaign is launched using a phony telephone number with either an automated message or a real-life person on the other end attempting to gather information and gain your confidence. Once they can gain your confidence and a particular level of trust, they attempt to extract any personal and private information possible. Often the information that is gathered from a Vishing attack is used during other attacks and methods.
How can I avoid a Vishing attack?
The best news of Vishing attacks is the ability to avoid and identify these attacks early in the process. Similar to email phishing attacks, Vishing attacks require the victim to provide some input or take a form of action. These attacks either come from an outside source (business, salesperson, give away, etc.) that you are not familiar with or impersonating someone you may know as a personal contact. Impersonation attempts for known contacts can be verified quickly by comparing the known voice, tone, and speech of the bad actor with the authentic individual. These attempts can also include individuals which you are not familiar with their voice, causing more difficulty with identifying these scams.
In any situation where a caller is looking to gain access to information or make unusual actions, it is crucial to use multiple verification methods to verify the callers’ identity and access. These verification methods can include pre-configured passwords and passcodes, challenge questions, or multiple pieces of personally identifiable information only the appropriate contact would know. These challenge question and response configurations can quickly identify proper access and validity of the caller, ending the scam before it can begin.
Examples of Vishing:
- Bank scam: A bad actor calling a victim and claiming they are from their bank or financial institution, then saying that there is something wrong with their credit card.
- Social security scam: People pretending to be government agents asking you to confirm your social security number.
- Tech support call: Bad actors pretend to be tech support at a big company and say that they need to update your computer. They then ask for your password in order to perform the update.
I’ve been a victim of Vishing, what should I do?
- Stop all communication. If you are in contact with a scammer, cease communication immediately.
- Report the incident. You can file a complaint with the FTC on their website.
- Protect your identity. Monitor your financial accounts, credit reports, and any other sensitive information for signs of unauthorized access and activity. With most accounts, you can place a fraud alert or a credit freeze to prevent further compromise.
- Document the incident. Keep any record of communication and documentation related to the scam. This can be extremely useful when reporting the incident and resolving any issues with authorities.
| Additional Considerations | |
| If a scammer accessed your accounts… | Immediately change all passwords associated with the scam. Ensure the new password is strong and do not reuse passwords. Enable Multifactor Authentication (MFA) on all accounts. |
| If a scammer has access to financial information… | Contact your bank or credit card company immediately. They can help monitor your accounts for suspicious activity. |
| If a scammer has your social security number… | Place a fraud alert and initiate a credit freeze on your credit reports by contacting one of the three major credit bureaus. Additionally, file a report with the IRS and your bank so that they can protect your identity and monitor your accounts. |
This material is for general information only and is not intended to provide specific advice or recommendations for any individual. This material was prepared by LPL Financial, LLC
Securities offered through LPL Financial, member FINRA/SIPC. Investment advice offered through Private Advisor Group, a registered investment advisor. Private Advisor Group and Retirement Legacy Group are separate entities from LPL Financial.
The LPL Financial Registered Representatives associated with this site may only discuss and/or transact securities business with residents of the following states: AZ, CA, CO, FL, GA, IL, IN, MI, NY, OH, OK, PA, TX, and VA.