CYBER BLOG: I just called to say…

Most people are now aware of phishing and spear phishing scams and are rightfully cautious when they receive emails asking for personal details. Recently, however, there seems to have been an increase in the number of people being caught out by vishing.

What’s vishing? Well, it follows pretty much the same principles as phishing but is normally carried out over the phone. Typically, a victim will receive a phone call from someone claiming to be from their bank. The caller will come up with a plausible story about attempted fraud on the account and will then say that a few procedures, including a “ghost” transaction, need to be carried out to secure the account. Unfortunately, this isn’t a “ghost” transaction but a real transaction, and the result is a loss of cash for the victim. The amount lost can vary widely depending on how brazen the attacker is.

What’s this got to do with cyber? Well, the attacker will normally carry out some reconnaissance prior to conducting the attack. They will find out who you bank with and who the best person to call is, and they may even find out your bank balance.

How do they do this? Well, we all leak information online at an alarming rate. The attacker just needs to know where to look. Increasingly these attacks are being conducted against businesses and charities rather than just individuals as the return is potentially greater for them. Businesses commonly post online the name and contact details of their important staff. Take a look at the “About Us” page of most businesses and there are the details of the people who hold the purse strings. These then become the target of the attacker looking to trick them in this scam. Once enough details have been gathered, either through just looking online or through other social engineering techniques, the attack can begin.

So what should you do if your “bank” calls and says that there is suspicious activity on your account? The first thing to do is be suspicious. Tell them “thanks for the call, I’ll call you back shortly”, then hang up. They may be insistent on talking to you, and they may even give you a “direct line” to call. Whatever you do, don’t dial that number. Go to the bank’s website, find the number there and use that number. Then ask if there is any suspicious activity.

It is really important that you don’t give out any personal information over the phone if you were not expecting the call. Even if the call sounds genuine, always double check by calling a number you know belongs to the bank, and speak to someone other than the person who claims to be from the bank.

It’s important that you are aware of the information that is available about your organisation and yourself and how this could be used against you.

If you want to know more about your corporate or individual footprint, contact us on [email protected]

