2020 was a year that caught everyone off guard. With an international pandemic pushing more people into the digital world than ever before, cybercriminals saw an opportunity to take advantage of the situation. We've shared some insights on the recent rise in COVID-related phishing attacks and on ways to protect yourself against them, but our team at SeedSpark has noticed another worrisome trend - a rise in vishing attacks.
Vishing - making phone calls pretending to be from reputable companies to fool people into sharing personal information, such as bank details or credit card numbers.
In short, scammers have begun spoofing direct phone numbers by masking their real number and pretending to be a representative from a company that you're already familiar with. For the average person, seeing the "correct" phone number as a caller ID provides immediate validation that the call is real - however, that may not always be the case. In the cases that our team has identified, the caller will leave a message stating to urgently return their call.
Read more about spoofing from our friends at Malwarebytes.
For companies that provide services to their clients, urgency towards a return call can make someone think that something may be wrong with their service. The person may be so focused on wondering what the urgent issue is that they don't take the time to assess the situation and question the call itself. If a vishing call is returned, your personal information may already be at risk. CTO at cybersecurity firm Vectra, Oliver Tavakoli, spoke with BankInfoSecurity.com to share insights on the recent increase in cyberattacks.
"While companies should always strive to reduce the success rate of such inbound attacks, it will be near impossible to stop them all, and all of these attempts should be considered to be no more than a filter." - Oliver Tavakoli, CTO, Vectra
Combatting these attacks may be more difficult, but the average everyday user isn't without a line of defense. There are is one major step that you should take to keep yourself from falling victim to a vishing or phishing attack: learn.
Taking time to learn common prevention strategies is the most important step that anyone can take.
- Always check the sender's email address, looking for any abnormalities.
- Never click links received in an unusual email.
- Use common sense - if a call or email feels fake, then it probably is.
While using common sense may seem like... well, common sense, it's easy to get caught up in the moment and forget to run a basic check when you receive an "urgent" email or voicemail. When in doubt, always contact the person or company in question directly. If you receive a call from a trusted number, but the voicemail is from someone that you're not familiar with or that sounds unusual, call your account manager or company contact directly rather than hitting that "call back" button. It may be a small inconvenience, but taking a few extra seconds to dial that number could be the difference between staying safe and falling prey to a dangerous phishing attack that puts your data at risk for years to come.
Are you ready to boost your cybersecurity? SeedSpark partners with leading companies in the world of tech to proactively protect our clients against the latest attacks before they happen.
