What is vishing and how do you protect your business from it?

We’ve all heard of phishing – attempting to extract personal details from people using fake emails – but there’s a new scam on the block in the form of ‘vishing’. Basically, this is phishing by phone. The scammer will call pretending to represent a trusted organisation, like a bank or insurance company, and try to get hold of personal or financial details.

Image Credit

How vishing works
All these types of fraud rely on social engineering https://www.bbc.co.uk/news/business-35201188 to trick people into disclosing information. The scammer will usually employ caller ID spoofing to make the call appear to be from a legitimate number.

Image Credit

Calls usually follow a set pattern, the scammer will claim to be from your bank or similar. They will say that there’s a problem with your account or with a particular transaction and will use this to try to get you to disclose sensitive details like account numbers, payment card details and so on.

Sometimes vishing and phishing can be combined, sending emails asking you to call a number to sort out a problem with your account. This way not only are you being scammed, you are paying for the call.

Protecting your business
So, how can you keep your business safe from vishing attacks? If you are using an IP-based phone system from a VoIP wholesale supplier such as https://www.idtexpress.com/blog/category/wholesale-voip you will usually have the ability to apply filters that can block calls from suspicious numbers. You should also consider using call recording technology to capture conversations with suspected scammers.

The best thing you can do is to raise awareness among your staff. If they know this type of scam is out there they can be on the alert. They should know never to disclose sensitive company information over the phone. If you are dealing with a genuine caller they will be happy for you to provide details – if required – another way. If you have recorded calls with scammers these can be used as a training aid.

If you are not sure if a call is genuine, do your best to verify the caller’s identity. Ask for their name and job title then offer to call them back. Don’t, however, call back on a number they give you, use a known genuine number for the organisation they claim to be from.