What Is Vishing & How Business Can Protect Themselves

As is always the case, whenever new marketable technology is launched, fraudsters come forward to find ways and means to exploit these new applications with scams and cons.

One of these scams is Vishing. Vishing is a term derived from a combination of “phishing” – an attempt to gain access to sensitive information like PINs, passwords, or bank and credit card information, and Voice over Internet (VoIP).

Vishing is when fraudsters make a bid to acquire personal information through email, VoIP or telephone. A message is sent to the victim asking them to call a provider’s “customer service” where the caller is put through voice-prompted instructions from fake automated menus that ask for bank account numbers, passwords and other sensitive information.

One other way vishing takes place is when the victim receives a phone call from another VoIP account in an attempt to acquire critical information. Some fraudsters make use of devices to mask their real phone number in order to obstruct the victim’s caller ID, or use caller ID spoofing to make it appear that the call comes from a financial institution with a legitimate phone number, or even from overseas. In some cases, the victim receives a live or recorded automated message directing them to take action on their financial accounts, prompting them to give out sensitive information that scammers use to either exploit or wipe out the accounts in question.

As VoIP systems continue to become more affordable, user-friendly and widely used, vishing has gone on the rise, as well. Oftentimes, businesses get the blunt end of the stick, becoming vishing victims themselves, or losing customers who blame them for giving out sensitive information.

However, businesses can protect themselves and their customers from becoming victims to this new breed of fraudsters and scammers. Here are some ways to guard against vishing cons that seek to steal critical information:

1. Keep your staff well informed and up-to-date – by educating your employees about vishing, you can prepare your front line people and make them more aware of the kind of scams going around. Oftentimes, during busy days or peak hours, employees may miss the suspicious cues of a vishing con. Bringing up vishing and its dangers during staff meetings will make them more vigilant and proactive in avoiding or reporting vishing when it occurs.
2. Tell your staff to be suspicious of calls mining for information – train your employees not to immediately respond to callers seeking financial information. The best way to counter incidents like this is to ask the caller for their name and contact number and promise to call them back. Your staff can later check on and verify these contact details, or impart the information to authorities if proven suspicious.
3. Install a monitoring software system – you can pinpoint vishing by keeping a look out for patterns, consistencies or anomalies in the number of suspicious calls you receive. A majority of fraudsters and scammers utilize only a few VoIP numbers. You should constantly monitor these in order to block calls from them.
4. Simplify your security process – you or your business should partner with VoIP providers who offer systems with built-in digital signal encryption and anti-vishing software as part of their package.
5. Plan for contingencies – your organization should have an emergency plan in place in case your business and / or your customers become victims of a vishing attack. Even small businesses will do well to partner with security experts, have access to a privacy law firm, or cultivate established contacts with criminal investigation authorities.