How to Keep Your Business Safe from Voice Phishing Scams?
Admit it; you’ve played a phone prank on someone at least once in your life. Where’s it’s alright playing around a little, voice phishing is anything but fun. Also called “vishing,” these scams often make interesting press stories – consider the events in April 2016 when employees of a Burger King store in Minnesota were convinced to break the windows of the store!
Pranks aside, voice phishing is a major security concern for organizations across the globe. As you are trying to ink your next big deal, there are voice phishing gangs out there posing as homeland security officers, court officials, credit card service reps, and IRS agents, asking unsuspecting people to part with their banking information. In 2016, Maine Judicial Branch had to release a press note advising residents to be wary of scammers posing as courthouse officials.
Voice phishing covers any tactic of using voice communication to steal personal, financial, and social information from victims by impersonation. Voice phishing scams primarily aim at stealing banking and credit card information from victims or nudging them into making money transfers to scammers’ accounts on false pretexts.
Vishing also aims at extracting crucial information from victims to aid more advanced social engineering and phishing attacks, such as follow-up emails, personalized voice phishing calls, etc. Another massive risk for businesses is that loss of bank funds because of voice phishing is a gray area in legal terms, with many instances where banks push for the responsibility of safety to be placed on account holders.
There are a lot of digital security tools out there to avoid phishing scams, but a voice adds a layer of trust to information transactions, which these scammers use to their advantage.
Common Voice Phishing Scams
Let’s talk about some common ‘vishing’ scams and the right way to respond to them.
Scammers posing as IRS agents call unsuspecting individuals and threaten them with arrest or deportation because of unpaid balances. They then ask victims to send the money on a pre-loaded debit card, or via wire transfer. The best response is to ask for the employee badge number of the posing officer, callback number, and employee name. Contact US Treasury via these contact channels and report the call.
Scammers use software to call random phone numbers and tell the victims that their credit card information has been stolen. They advise victims to call another support number, report the data theft, and seek resolution. This alternate support number is also manned by scammers, who then use panic creation tactics to get credit card number, social security number, and passwords. Whenever you receive such calls, use a web phone search to find out whether the callers are genuine representatives of the credit card service.
Posing as Information Technology team personnel, scammers ask for computer or online account passwords from a business’ employees or ask them to download software from some web links. This is with the intent of stealing critical information from workstations. To make sure your organization’s employees know better, send them reminders to never disclose their workstation or account credentials.
Best Practices to Keep Your Business Safe From Voice Phishing
Your business data is sacred, and it must not fall into the wrong hands. To make sure your employees also understand voice phishing risks, follow these best practices.
Block Suspicious Callers
Ask your employees to be very particular about reporting and blocking any phone numbers that they deem suspicious. Considering how scammers use software managed systems to unleash blitzkriegs of fraudulent SMS on random mobile numbers, it’s imperative that all such attempts are immediately spotted and blocked.
Train Employees to Stay Safe
Your business data is only as secure as the most unsecured and untrained employee in your team. Make it a point to organize IT security seminars to demonstrate phishing and ‘vishing’ risks, and remind employees to always stay alert.
Seek Professional Help
Seek out professional anti-phishing services to test how secure your business is and to fill the chinks in the armor. These services expose the vulnerabilities of your business to voice phishing and help organize training and sensitization sessions to prepare all stakeholders to work in high-risk settings.
Voice phishing is real. Before a cybersecurity or communications services innovator comes with an almighty solution, take the responsibility of safety on yourself, and follow the tips and tactics mentioned in this guide.