Thursday, May 6, 2021

Vishing — Phone Call Attacks and Scams

via Jen Fox, SANS OUCH Newsletter...
While some of today’s cyber criminals do use advanced technologies, many simply use the phone to trick their victims...

The greatest defense you have against a phone call attack is yourself. Keep these things in mind:

  • Anytime anyone calls you and creates a tremendous sense of urgency or pressure, be extremely suspicious. They are attempting to rush you into making a mistake. Even if the phone call seems OK at first, if it starts to feel strange, you can stop and say “no” at any time.

  • Be especially wary of callers who insist that you purchase gift cards or prepaid debit cards.

  • Never trust Caller ID. Bad guys will often spoof the number, so it looks like it is coming from a legitimate organization or has the same area code as your phone number.

  • Never allow a caller to take temporary control of your computer or trick you into downloading software. This is how they can infect your computer.

  • Unless you placed the call, never give the other party information that they should already have. For example, if the bank called you, they shouldn’t be asking for your account number.

  • If you believe a phone call is an attack, simply hang up. If you want to confirm that the phone call was legitimate, go to the organization’s website (such as your bank) and call the customer support phone number directly yourself. That way, you really know you are talking to the real organization.

  • If a phone call is coming from someone you do not personally know, let the call go directly to voicemail. This way you can review unknown calls on your own time. Even better, on many phones you can enable this by default with the “Do Not Disturb” feature. more