Cibersecurity Newsletter
JUNE 2020

Vishing

Did you know… Vishing is one of the most successful methods to get access credentials and personal and professional information?

This attack can be initiated via:

Check

Phone calls – where the attacker says that they belong to trusted institutions to get information

Check

Phishing e-mails (learn more here) - they want you to resolve issues by contacting the given e-mail or phone number directly

Check

Voicemail messages - similar to the situations above

Vishing (the combination between Voice and Phishing) is an attack method that tries to convince users to provide their sensitive personal or professional information, usually financial information, via voice calls.

1. Recognize the warning signs

A) Generic greeting: Attackers rarely know user's names

B) Sense of urgency: It's frequent to emphasize the urgency of the situation to lead victims to do what they want

C) Immediacy: The goal of attackers is to lead you to act immediately. To trigger those actions, they use awards, special and limited gifts, or emphasize the urgency of certain situations, such as unlocking a device or unblocking bank accounts

D) Representation of trusted entities: Attackers often identify themselves as representatives of trustworthy entities, such as banks, tech companies, telecom companies, post offices, among others

E) Personalized information: Even when the contact seems reliable because it uses your name, postal code, or position, always confirm the source, namely by searching or by directly contacting the entity in question

Image21

2. Think before you act

Check

Do not provide contact information or any information concerning your corporate structure or activity by telephone

Check

Do not provide sensitive data, namely financial data, or credentials to access financial data, especially when the contact is initiated by the other person

Check

Regardless of their nature, do not perform the tasks requested during the call

Check

Never make any payment. This is a strong indicator that you are being a victim of attempted fraud

Image22

3. Be critical, do your research, and hang up when in doubt

Check

Do not trust phone calls where callers ask for sensitive information or money

Check

In case you doubt the caller's identity:

A) Go to the real website of the institution independently and confirm the telephone number

B) Ask for technical information that only a real employee could know, and analyse their answer

C) Search for the contact on the Internet. There are forums and websites that describe scams where you can identify common aspects of the contact you just received

Check

If there's still doubt, hang up. Then, look for the real contact of such entity and see if the number that called you was, in fact, reliable

Check

Avoid giving any sensitive data when you are the call recipient. If you think it's worth it, use the number and call the entity in question yourself

Image23

Archive

2024

2023

2022

2021

2020

2019

Subscribe our newsletter.


Cookie Consent X

Devoteam Cyber Trust S.A. uses cookies for analytical and more personalized information presentation purposes, based on your browsing habits and profile. For more detailed information, see our Cookie Policy.