The Pishing scam (and its variant Vishing or Voice Pishing) is done massively with constant attacks on thousands of potential victims.
Every day companies have become more aware of the disasters they may suffer due to cyber attacks and that is why they strive to keep their infrastructure always safe.
But cybercriminals know that people are the weakest link in any company. That is why they do not stop trying to make fun of all the defenses in the search for “distracted” employees who can provide them with a gateway to continue profiting.
And it is these that can easily provide illegal access to corporate networks, unintentionally revealing sensitive information.
Just as in Phising the means are emails, Vising uses the telephone, through calls that supplant the identity of serious corporations such as trusted technical services, banking entities, etc.
Tips on how can we recognize a fraudulent call?
- They usually use recordings or generic greetings, they never recognize you by your own name.
- They are identified as financial entities, transport companies, telecommunications, messaging, etc., always as a trusted third party.
- The information of your company that they handle is usually available on public corporate websites or social media profiles.
- They use an urgent tone to solve different problems that affect you: unsecured systems detected, problems with bank accounts, package delivery, etc.
- To make it more credible, they usually transfer the call to another department that will ask you to provide or update sensitive data (access, passwords, card numbers ...)
How to react to a suspicious call?
Listen and be alert to suspicious signals
Avoid providing unauthorized company information (customer data, contact information, confidential information ...).
Do not perform any requested action such as password changes, settings, click on any link, etc.
It is good to verify the identity of the person who is calling and keep the number of which they have called and collect all possible information that may be useful to give notice to the appropriate authorities.
Immediately inform any person in charge of the company providing them with all the data that you have been able to collect as well as the actions that you have been able to do.
Having our employees aware of this scam is essential, as well as having simple procedures so that any employee can report what is suspicious.
These types of attacks are cyclical, so when criminals notice that protective measures have been taken in the company, they take a break and wait for the ideal time to retest, hoping to find another employee off guard.
