Security Awareness Quick Tip: How to Identify and Avoid Vishing Scams (Phishing Series Part 02)

December 24, 2019

Phishing scams come in many different forms, from fake emails and pop-up ads to phony phone calls and bogus websites.
One of the most common forms is the vishing scam.
Vishing is the voice version of email phishing. “V” stands for voice, but otherwise, the scam attempt is the same. It is a phone scam in which individuals are tricked, or scared, into sending money, handing over financial information, or even allowing remote access to their computer. The criminal pretends to be from a legitimate software security company, bank, or maybe maybe even from law enforcement, or a government organization, such as the IRS. The goal is always the same — to get you to send money or hand over sensitive financial information, usernames, or passwords, or to trick you into giving them remote access to your computer.
So, how do you protect yourself against vishing scams?
If someone calls you, never give personal information over the phone. If you’re asked for it, simply hang up, or tell them you’re going to call the main office directly. If it’s a legitimate call, the main office will be able to direct you to the person you need to talk to. Scammers know this, and will do anything to keep you on the line. Sometimes they’ll even give you a number to call them back directly. Avoid doing this, as the number they give you may not be for the legitimate company they’re pretending to represent.
Simply hang up the phone and research the company in question — especially if you’re not sure if you have an account with them or have ever done business with them. Make sure the company website is legitimate and call their main number and ask to speak to a representative concerning your account to see if the previous call was legitimate.
If you’re dealing with an unfamiliar company, or an organization you don’t remember dealing with, be highly suspicious. Scammers will sometimes create fake companies with legitimate-looking websites in an effort to trick people into thinking they’re real. When in doubt, think twice about giving them information, money, or remote access to your computer. It’s not worth the risk. Legitimate companies know this and will not pressure you or threaten you if you decline to give them personal information or remote computer access.
If you think you’ve been the victim of a phishing scam, consider some the following actions:
Change your passwords. Your computer, financial institutions, and any other password-protected websites that you visit should be updated with unique, and strong, passwords.
Run a Full System Scan for viruses on your computer.
Contact your bank to report that you may have been the victim of fraud.
Use Norton Power Eraser to scan your computer. It isn’t a replacement for a full-featured antivirus program, but it’s totally free, and can help detect more complex threats than using an antivirus program alone.
And, consider filing a complaint with the appropriate anti-fraud organization in your country
Security is non-negotiable, and security awareness isn’t limited to the workplace. Be sure to talk to your friends and family about the inherent security risks associated with their actions at work, at home, and at school — whether they’re online or not.

No Comments

Leave a Reply