Last Updated On October 14, 2018
The main objective of an attacker during a vishing attack is to obtain confidential or sensitive information. To do so, the attacker must gain your trust and put you at ease before asking their key questions.
A vishing attack can easily catch you off guard, especially because so much information is already publicly available and most people don’t expect it to happen to them. However, there are still a few ways to increase your chance of detecting such attacks. If the call is unexpected, you should ask yourself the following questions:
- Is the phone number on the caller ID legitimate? (Caller ID can be spoofed, but this is still a valid check.)
- What do they want to know?
- If they are asking for something sensitive, can they verify information that only internal employees should know?
Tips to remember
In addition to the aforementioned questions to ask, these general rules should always be followed:
- Never give your password out over the phone or email. A request for it should be an immediate red flag.
- If the number appears to be legitimate, ask to call them back. Attackers can spoof any phone number, so calling the number back ensures you reach the real phone number.
- Before you provide any sensitive data, verify their identity to the best of your ability.
Remember, it’s better to be safe than sorry. If you have to take extra measures to verify a caller instead of simply handing over information, it is well worth it.