The Covid-19 pandemic caused a radical change in the daily lives of users who had to prepare their homes for work from home by comparing some devices, becoming familiar with video calling apps and in some cases even VPN Networks in your installed computers to stay connected to the office networks.
Voice phishing or vishing is one way of stealing data by impersonating real people through a phone call through voice
According to the United States Federal Bureau of Investigation (FBI), this new reality has compounded fraud and robbery through voice commands attempting to impersonate identities in what is known as “voice phishing” or “vishing”.
But what is it made of? It is a form of identity theft that is not carried out via email or SMS such as “phishing”, but rather through impersonation a user’s voice known to another who tricked the victim into stealing valuable information. In other words, if you are, for example, a member of the Human Resources Department and are processing the employees’ private data, you may receive a call masquerading as your “boss” or “supervisor” asking for personal information. In this way, cyber criminals can take over entire networks or databases of organizations.
In general, these are identity thieves record public information on the Internet and social networks to create a more believable and trustworthy scenario and deceive the victim who becomes more vulnerable in the face of a known data environment. The calls are usually made using the Internet communication protocol VoIP (telephone calls over Internet networks) in order to leave fewer traces.
According to the FBI and the United States’s Cybersecurity and Infrastructure Security (CISA), the increased teleworking and the relaxation of users who fail to properly check calls and provide easy access to information has resulted in a significant increase in vishing in the United States in recent months.
Techniques most commonly used in vishing
In order for voice phishing to work and be successful, cybercriminals assume several situations, one of which is urgency. That is, they create an entire high pressure scenario where a lot of adrenaline is generated, and they pressure the victims that they can lose everything or fail miserably the organization if they don’t act.
In addition to mimicking the main character’s voice, it also mimics background noises such as office sounds, keyboards, printers, and a variety of real-life effects. You can even fake other employees’ voices that can be heard in the background. However, it’s all setup for stealing information.
Another technique is based on changing the location of the call to simulate that it is from a real company or location. This form of fraud is known as “spoofing”. There are various software on the market such as SpoofCard or Burnes that allow you to change the location of the call and the telephony IDs indicate that it is from a specific location or company.
To prevent this type of deception, it is always best Do not give out sensitive information over the phoneDon’t return strange calls. If the conversation gets suspicious and strange, it’s best to hang up right away. Then tell the appropriate authorities what happened and warn other colleagues so that they do not get caught up in the game of usurping identities by voice.
