With electronic communications such as email and text so popular, you’ve probably been told by your employer to look out for phishing attempts. If you’re unfamiliar with phishing schemes, they’re when scammers pretend to be someone you know and send you an email or text asking you to click on a suspicious link or attachment to gain access to your data.
To avoid these attacks, your organization may have trained you to always think twice before acting on an email and to delete it or send it to IT if anything appears suspicious. These are great and welcome practices, but what about when a scammer calls you directly?
Although landlines have become outdated, and mobile devices have settings that do their best to block scam calls, criminals are still using phone attacks to gain access to your money and data by impersonating others. These attacks are called voice phishing, or vishing.
How can you detect if a call may be a vishing attempt? There are four main indicators, often called the “4 P’s of vishing”.
The phone scammer pretends to be someone whose instructions you might normally trust, like an IT support worker, an authority figure, or someone calling on behalf of a family member in trouble. If the request is unexpected, don’t be afraid to tell them you want to confirm with another trusted contact and hang up.
Problem or Prize
The unexpected caller states you or someone you care about has a problem or is in trouble. For instance, they may inform you there’s a virus on your computer that needs to be removed or a distant family member who needs money, or it could have a positive spin like you won a lump sum of money or a big prize. If the request seems suspect or the reward seems too good to be true, it probably is.
In most cases, there’s a deep sense of urgency on the call with a phone scammer. They’ll lie and convince you that action must be taken now — or else. The caller may even threaten you. On the other hand, they may approach the urgent situation in a helpful manner and try to walk you through the actions they want you to take. No one on the phone can make you act. If urgent assistance is requested, it’s most likely a scam.
You may be asked for random payment as part of the phone call. Usually scammers want you to pay them in ways that can’t be refunded or easily tracked, such as with cash, a gift card or even a wire transfer. For instance, they may request you make a $2,000 payment on behalf of the scammer, and in return they’ll send you a $2,500 check, saying you can keep the change only for the check to bounce after the fact. If a payment method seems odd or nonsensical, it may be a vishing attempt.
Handling Potential Vishing Attempts
To be 100% safe, it’s always best to avoid answering an unexpected call if the caller isn’t listed as one of your trusted contacts. If the call is legit, they’ll leave a detailed voicemail explaining their reasoning for the call.
If you do answer the call and it’s an automated message that’s unfamiliar, hang up. Avoid interacting with it, and don’t press any keys or respond.
If the call isn’t automated and appears to be from a business or another establishment, hang up and use the number on the organization’s official website to confirm the call’s legitimacy. If on any random call the caller begins demanding money or wants you to pay them with a gift card, it’s a scam.
At Creative Planning Business Services, we partner with clients to establish training and protocols that combat fraudulent attacks like vishing and phishing. Our team provides insightful resources and advisory so that businesses can develop cyber strategies that reflect the unique needs of their operations and keep personal data secure.
If you’re interested in learning more about our cybersecurity services, contact our team today — we’d be happy to discuss them further.