If you don’t think you should trust someone or a link you received, trust your instinct. It’s far better to be safe than a victim of a vishing scam.
Vishing scams have quickly become another major security threat for people around the globe. And although Interpol has cracked down in recent days, the risk of being targeted — and falling victim — to vishing scams has reached new heights.
Interpol announced last week that it had conducted raids over the past two months across 76 countries as part of its Operation First Light 2022. The effort, which spanned more than 1,700 locations and identified 3,000 suspects, aimed at targeting fraudsters who engaged in a variety of social engineering and human trafficking activities, including money mule herding and sexual slavery operations. The crackdown focused on criminals who use social media and other technologies as their main mode for finding and exploiting victims.
All told, Interpol was able to freeze 4,000 bank accounts, intercept $50 million in illicit funds, and arrest 2,000 people across the globe.
Human trafficking and money laundering have long been a core Interpol focus. And while law enforcement agencies have warned about vishing scams for years, Interpol acknowledged in a statement last week that it’s become an increasingly concerning problem in the broader area of cybercrime.
Vishing is short for voice phishing or voicemail phishing. In either case, the criminal uses voice communication (or the promise of voice communication) to target individuals and coerce them into sharing sensitive information about themselves.
Vishing scams have become an especially prominent problem among those who are less digitally inclined and may be more likely and willing to hand over information over the phone.
Vishing scams can come in many forms, but they generally involve two vectors that both aim at getting you to hand over your information.
The first method, voice phishing, aims at getting you on the phone. In some cases, fraudsters will pose as bank officials or those from a government entity like the Internal Revenue Service. They may even say they’re from a cybersecurity company. Depending on the angle they take, the fraudsters will seek to dupe you into believing that your personal information is at risk, has been stolen, or you simply owe money for something. They’ll then send you a link to a fraudulent site that will be used to steal sensitive information and credentials to bank accounts, email accounts, or any other data they’re targeting.
Voicemail phishing scams are designed for those who use services like WhatsApp for their voice messaging. They may also be used against corporate users who receive emails when voicemails are left on their work phones.
While the emails or messages from the fraudsters will look legitimate and appear to come from a real voicemail service, they’re not. Instead, when you click on the link in the email to listen to your voice message, you’ll find a malicious page that aims at stealing your information.
Vishing scammers are effective at what they do, so it’s important not to underestimate them. But there are some steps you can take to protect yourself.
For one, don’t ever share personal information with anyone over the phone without verifying that they are indeed from the organization they claim to be. Instead of talking to the person who calls you, instead call the organization itself by using their official numbers listed on their website.
Whenever you receive an email purporting to include a voicemail, take a second to evaluate whether it’s legitimate. While it may look like a real email, inspect the link it wants you to visit and check to see whether it came from the domain you’d expect. In some cases, vishing scammers will use domains and links that look similar to the desired destination but not identical.
Finally and perhaps most importantly, if something just doesn’t feel right, don’t trust it. With all the scams we face each day, it’s easy to fall prey. But if something feels off or you just don’t think you should trust the person or link you just received, trust your instinct. It’s far better to be safe than a victim of a vishing scam.
We are witnessing a full-scale cyberwar, in real time, take place in front of our eyes. Cybersecurity and digital freedom are now, quite literally, life and death issues in Europe.
CISA named GootLoader a top malware strain of 2021. Earlier this year, it targeted users searching for plea agreements, but lately, the threat actors are targeting users who are about to be laid off and searching for transition services and other employment-related documents.