Voice phishing, or “vishing”, has a number of meanings. One type of vishing is when cybercriminals use social engineering tactics over the telephone to steal victim’s financial and private data or other personally identifiable information (PII). For instance, scammers may use phone spoofing to call you impersonating Microsoft, claiming there’s a virus on your computer, and offering to fix it for a fee.) Or they may use an automatic dialer to call phone numbers on a given list or in a specific region, and anyone who answers will hear an automated message claiming to be from a financial institution, likely reporting a fraud, and asking you to enter your credit card information to see if you were affected.
Other types of vishing can occur when an internet user unwittingly clicks a malicious link, only for their computer to suddenly lock up with what looks like a Blue Screen of Death from Microsoft, telling them to call a specific number for assistance. That number, however, calls the scammer who planted the malicious link, and one of their friendly “technicians” will be happy to help you, if you pay a small fee.
Although criminals can be very clever, and it can be difficult to identify a vishing attack, there are a few things to keep in mind that will help you avoid these attacks. First, Microsoft will never call you out of the blue and offer to fix your computer. In fact, no legitimate software company will initiate an unsolicited call to offer you technical support. If someone calls you claiming to be from Microsoft or another software company, hang up the phone. If you want to be certain there’s nothing wrong with your computer or software subscription, look up the company’s phone number on their official website and call their technical support line. Also, never enter your PII into an automated phone system that called you. If you initiate a call to your financial institution using the number on the back of your card, and they have an automated system, you’re likely to be safe. But if an automated system calls you asking for information, hang up right away.
If you think you’ve received a vishing call, be sure to report it to the appropriate authorities. In the US, that’s the Federal Trade Commission, and the FBI’s Internet Crime Complaint Center.