Vishing

Vishing is a type of phishing that uses phone calls, robocalls, voicemail, voice over internet protocol (VoIP), and social engineering to contact you in an attempt to gather personal information about you.

Robocalls

A robocall is an automated telephone call that delivers a pre-recorded message. Organisations, telemarketers, and adversaries use robocalls to reach millions of phones every single day. They make people’s phones ring with natural-sounding recorded voices and offer everything from auto warranties to games. In some cases they even issue a threat to get your attention. Some robocalls can even respond to your questions.

Robocalls are made using auto-dialing software, and may use caller ID spoofing technology to make it seem as if the phone call is coming from someone else.

Detection

  • If callers are legitimate, it should not be difficult to authenticate their professional affiliation with another phone call. If they do not provide the information necessary to verify their identity, they cannot be trusted.

  • Callers creating a sense of urgency is a huge social engineering red flag.

  • A caller sending unsolicited email or SMS messages is another red flag.

Mitigation

  • Hang up as soon as you notice it is a robocall.

  • Never say “yes” to any question.

  • Ignore any and all instructions, even seemingly harmless ones. Following them is a slippery social engineering slope.

  • Write down any information the person or robot provides on the call — without providing any details of your own. Do not give out any personal information over a phone, ever.

  • Do not click on links in emails or in mobile phone SMS text messages the caller might send.

  • Technology exists that locks a phone line after you hang up and redirects your next calls to the fraudulent caller. Do not call back using the same phone on which you received the call.

  • Note the number and what they said or did, and report the call to a “Do Not Call” registry and/or anti-fraud program (if one exists in your country).

Prevention

  • Keep your phone number private (including on social media).

  • Be aware of caller ID spoofing.

  • Do not answer calls from unknown numbers. Many mobiles offer a “whitelisting” tool that will allow calls only from numbers in your contact list. Use it:

    • On iPhones (iOS 13 and later), go to Settings -> Phone, scroll down, tap Silence Unknown Callers, and turn it on. Calls from unknown numbers are silenced and sent to your voicemail, and will appear in your recent calls list.

    • On Android phones, tap the phone icon at the bottom of the home screen, then in the top right corner of the screen, tap the three dots -> Settings -> Blocked Numbers. Enable Block Calls From Unidentified Callers by tapping the toggle switch on the right.

    • Google’s Pixel phones have a tool called Call Screen. When you receive a call from any number, you can tap Screen Call on your home screen and Google Assistant will answer it for you and ask the caller to identify himself or herself and the reason for calling. When a caller responds, a real-time transcript of the response is displayed.

  • Ask governments for “Do Not Call” registries and anti-fraud programs, if not available yet.