Vishing: How Fraudsters Use Caller ID To Fool You

Cyber fraud has grown at an alarming rate over the past couple of years. We’ve seen headlines of both small and large companies experiencing attacks. And this has caused many businesses to take action.

Many have invested in the latest software and hired experts in the cybersecurity field to solve this problem. However, this is where the problem starts. They focus too much on protecting themselves online and forget one of the weakest links in cybersecurity: human psychology.

People will make mistakes, and a skilled cybercriminal will exploit this by using social engineering. That’s why we are seeing a growing number of vishing trends and site technologies like SpoofCard enabling cyber fraudsters to spoof phone numbers from anywhere in the world.

Fraudsters have become smarter, more aggressive and are equipped with more information than ever before. And by adding a personal touch, victims don’t even see the fraud coming. Here’s how fraudsters directly engage their targets via vishing.

Why is vishing a growing trend?

Vishing is a type of social engineering fraud where people are manipulated over the phone. It’s a growing trend because most people are focused on internet fraud.

Cybercriminals are now preying on an area victims don’t expect: the telephone. When going through a big transaction, people are used to talking on the phone. If they get a call from a “reputable firm”, they don’t think it’s a scam. This is because we’re used to trusting companies and authority figures. We just assume they're legit.

The sad thing about this process is that it doesn’t require any special skills. With the willingness to get on a phone call and learn some simple tools, anybody can do this. That’s what makes it so lucrative.

How is vishing commited?

Not too long ago vishing frauds were done through voicemail.

You’d get a call from a “reputable" company, and they’d leave a message giving you a warning. You would be asked to give some information so they can go ahead with a part of the deal. At the end of the call, they would ask you to contact a specific number. And when the recipient called that number, it was a cybercriminal on the other end of the line. Although this fraud still exists, a lot of people don’t fall for it anymore.

However, it’s important for you to know this since you may still get one of these calls. What you really need to watch out for is the new and updated version of this scam.

Cybercriminals have realized that people are more likely to give information to the individuals they know. So now, they’re making each call unique to the recipient. They are trying to come across as a real person and build rapport with their victims.

How does a vishing scam work?

1. They find your personal information

With some basic online research, a cybercriminal can learn a lot of things. A quick Google search can reveal sensitive company data. On LinkedIn, they can find out who the employees are and their titles. And once they find a target, Facebook can help them gather personal information.

When they call you, they have all the information you’d expect from a real company.

2. They make it sound like they’re in an office.

Before the call, they make sure to create the right atmosphere on the phone. No call from a company will be completely silent in the background. You will always hear people talking, phones going off, and the sound of keyboards typing away. So cybercriminals got a hold of this.

They will go on YouTube, search for “office background noise”, and let it play as they’re talking to the victim. Once they’re on the call, it sounds like they’re operating from a legitimate office, and most victims can’t even tell the difference.

3. They fake their caller ID.

Did you know that you can make your phone number show up as a different number on the victim’s caller ID display? It’s called SpoofCard and anyone can install it on their phone.

Cybercriminals use this app when trying to come across as an employee from a specific company. They look up their phone number, extension number, and then put it on SpoofCard. As soon as the victim gets the call, they think it’s from a real company they’re doing business with. But it’s actually just a fake number.

4. They sound professional.

If you’re going to sell and negotiate with someone on behalf of a company, you need to have people skills.

Cybercriminals who practice this type of fraud are great at displaying empathy and attention to details. They’re well-spoken and offer their victims exceptional customer service at every step in the process. As you can see, each step builds trust, and that’s what makes this scam so easy to fall for.

How can you protect yourself from vishing?

Although cybercriminals are making it harder to detect these types of frauds, you can certainly prevent them by following some simple rules.

Here are the things you need to watch out for:

1. Don’t give out your personal information.

A fraudster will try and pressure you. They’ll say they need your information quickly. Many will even offer to hold you on the line while you do what they instructed you to. Simply say that you can’t take this request now and you’ll contact the main office later.

2. Be skeptical of caller ID.

As we mentioned earlier, it’s easy to create a fake number. Just because it looks like it came from a reputable company, doesn’t mean it did. Double check to make sure that the person calling you is legit.

3. Use external resources.

There are so many things going on in a transaction, and everything happens at a fast pace. Since fraudsters have managed to make their scams look real, it’s almost impossible to check every person you talk to.

One thing you could do is use software to take care of this for you.

At CertifID, we handle identity confirmation, so you don’t have to worry about any of this. It’s a process that’s quick, easy and doesn’t require any special software or system upgrades. We’ll show you how to keep your company and clients safe from vishing fraud.

‍