How To Prevent Vishing: Stop Hackers From Identity Theft
Most people have heard of phishing, but are unknown to the concept of vishing. The odds of you knowing how to prevent vishing are even lower. After all, it is a relatively new concept that evolved from deepfake technology, which utilizes Artificial Intelligence (AI) and machine learning algorithms to realistically copy someone else’s likeness.
Most people will know deepfakes from the infamous videos and images that are spread around the web, mostly for entertainment purposes. Donald Trump’s face on Justin Bieber singing a song in Trump’s voice, and more fun stuff in the same type of category.
But there’s a dark side to deepfakes, and one of the many bad applications of deepfake technology is related to audio. It’s the absolute perfect way for hackers and digital criminals to get pretty much anything they want from unsuspecting victims. And that’s not limited to credit card details to extract some money. It goes beyond that – we are also talking about identity theft that can potentially ruin someone’s life in a way you would not imagine to be possible.
Vishing is a vicious attack method that preys on the weak people in society, using emerging tech that is surprisingly easy to get a hold of, as soon as you know where to look for it. Let’s start at the basics first, and explore the concept of vishing itself. That’s the essential information we are going to need in order to fight the phenomenon. Or at least, attempt to start doing that. Let’s get started.
What Does Vishing Mean?
Vishing or voice phishing is a form of phishing using telephone fraud, often with the use of deepfake technology. Essentially, it is the act of using the telephone in an attempt to scam the victim into surrendering their private information. The extracted private information, such as credit card details, social security numbers or ID documentation can and likely will be used by the scammers for identity theft.
Vishing phone calls are often done in a way where the scammer pretends to be from a legitimate business or organization. They will attempt to fool their victims into thinking they can profit from an offer, or they will mislead the victim into thinking something bad will happen if they do not hand over the sensitive personal information that is relevant to them as an individual. The voice of a family member, friend or loved one can also be used to perform vishing acts, as deepfake tech allows the scammer to say anything they want with any type of voice they’d like to use.
Deepfake vishing is a special form of vishing, which can take multiple forms. Often, a large institution name or business name is used by the criminals. Money requests are often made by deepfake voices of family members or friends, which later turns out to have never actually made such requests to the victims. The most common types of vishing impersonations are related to the following types of organizations and organization categories:
- Telemarketers: Winning a (fake) prize, offering great business opportunities, great offers for products at a cheap price, charity that needs money for a good cause, a free trial of a product or service are all ways telemarketers use to perform acts of vishing on other people.
- Governmental organizations: Most commonly executed using some type of tax scam or impersonation of police or local governmental body that required verification of personal identification details of the victim.
- Tech support: A seemingly legitimate tech support official or helper will extract passwords or other personal digital information (such as login details of banks or credit card payment services). The scammer will often attempt to gain remote access of the computer to install virus software, such as a keylogging software that will store passwords and send them over to the digital criminal, after which they can be used for malicious purposes.
- Financial organization: The last common type of vishing scam is related to banks and similar money-related institutions. A common way victims are approached is by asking if they’d like to make a test payment. Money requests in deepfake vishing can also be done through e.g. family or friend requests for money that aren’t actually coming from family or friends, but are created in deepfake audio software by scammers.
Methods To Prevent Vishing Scams Or Identity Theft
Every person is at risk of vishing or phishing attacks, but especially vulnerable groups such as the elderly or digital illiterate people should be protected from these types of scams. Stopping hackers from extracting money or even your identity, is harder than it seems. A lot of it will have to do with seeing through the tricks and pre-emptively reacting to them.
We’ll go over some of the most important methods to prevent voice phishing scams and hacks, which are actions that are applicable in a lot of situations related to digital manipulation. It’s important for everyone reading these methods to think about how you yourself could start implementing them into your daily lives, so you’re protected against such criminal acts.
1. Minimize the risk
The first thing everyone should do is minimize the risk of actually getting into contact with a scammer, whether that is through email (phishing) or telephone connection (vishing). But what does it actually mean to minimize your risk or even being at a serious risk in the first place?
It’s quite simple, really. Start protecting your personal information. Stop giving out your e-mail, name or birth date on every single website you encounter. Don’t sign up for small charities or business subscription services. Shop at places that have good ratings. Google an e-commerce shop and check out their ratings on third-party websites before you give out your details and buy something from them.
The list of things you can do to actively protect your personal information goes on and on.
Other things you can do include getting a post office box that cannot be traced to your personal address. This way, your home address will be protected. Get a separate e-mail address that you can use that isn’t linked to your name and is only used for signing up to services and businesses. Get yourself a cheap second cell phone with SIM card that has a separate phone number. Don’t give out your real birth date to companies and charities.
You get the idea. Mask your identity wherever possible, as much as possible. It’s not dodgy, it’s self-protection in an increasingly hostile digital environment. You have every right to refuse giving out your personal data, even if a governmental organization requests such information over the phone. Request them to hand it out via postal mail instead. That immediately brings us to the second protective measure you can potentially take to protect your personal information: using the verification method wherever possible.
2. Verify before you hand out sensitive data
Scammers and criminals that perform acts of vishing will always contact you before you contact them. If any organization (or even person you know in real-life) calls you and it’s not their number, hang up and call that organization or person back yourself, using their real number. Don’t hesitate about that. Verify their identity.
This is why it’s so important to be able to see people’s numbers. If they hide their number ánd ask for personal data, assume they’re trying to steal from you. Hang up and call that person or organization back using the number they gave you at an earlier point in time.
Verification is even required for relatives using hidden numbers. Because vishing now makes it possible to mimic the likeness and voice of loved ones or colleagues as well. The FTC has given official warnings about such criminal acts already. So be warned, even if you know the person.
What you should do instead, is be hesitant to give out personalized data. Especially that data that is unique to you as a person, such as your social security number or government ID numbers on your passport or ID card. Question people thoroughly that request such information. Do they actually need it? What is it for? Can they do without it? If the answers are dodgy or dancing around the core reason, you know something ‘fishy’ is going on. That’s where you hang up and stop giving out your data. Better to be safe than sorry.
3. Update your passwords regularly
Updating your passwords on websites, your email, your phone or even your credit card is important to stay ahead of criminals. This is not just true for vishing, but also for other types of criminal activities and data hacks.
Let’s say you called with a company that does tech support over the phone. It is inevitable that you’re going to hand out passwords of something to them, or tell them something else that might be of interest to them. Record conversations with tech support where possible (here’s a practical guide on how to pull that off). Listen back immediately afterward and start changing all information you gave them. Your passwords, your email data, and more.
It might sound a bit paranoid, and perhaps it is, but it is effective and it works. And you should change up your passwords and details regularly anyways.
4. Keep track of payments and store ID documents safely
If you’re organized in your personal administration, you know exactly how much money goes in and goes out every single month. You know where your administrative documents are and how you store them. You keep sensitive data inside a physical safe or other secure location. Encrypt your personal data on your computer and especially don’t put personal information with your name on cloud storage services like Dropbox or Google Drive.
Vishing criminals and hackers will try to get this information. They will prey on it until they can extract it from you. Don’t fall into their trap and stay one step ahead at all times.
If you’re organized, nobody can steal money from you without you ever noticing. Make an excel sheet of your monthly expenses in each category, and verify it each month against your credit card expenses. Is something off? Do the numbers add up? Are there payments that look suspicious to you or that you cannot remember making? Information and knowledge protects your assets, so use that to your advantage against scammers on the internet or on the phone.
5. Erase your ‘digital footprint’ where possible
The recent introduction of privacy protection laws, such as the GDPR in the European Union which impacted pretty much the entire internet and its data, also can be used to your personal advantage in your quest to prevent vishing attacks.
Every website now has the legal obligation to present you with all the information they store about you. You can usually make a request about this information from the details on the privacy page of each organization’s website.
You also have the option to request that same organization or website to remove your data altogether. Please note, this might impact your ability to use their services in the future. However, deleting your data also protects it from getting leaked. And leaking of data happens an awful lot.
You have the right to be forgotten. Even on search engines like Google.
You can scrub your entire likeness off of the internet if you wish to do so. And beyond that as well, even in personal administrations from organizations you have signed up for at some point, you can ask for deletion of sensitive personal data. But please note, this is only true under some circumstances. You have to have a legitimate reason to start scrubbing yourself off of the web.
Prevention Is The Best Way To Stop Vishing
Sadly, beyond the preventive measures explained in this article, there is not much we can do to stop vishing attacks from happening. There will always be vulnerable people that never actively protect themselves against such attacks.
With the rise of deepfake audio, imitation of relatives and friends, as well as colleagues will become increasingly simpler. It’s a real risk that people don’t take into account, because it’s not really an issue yet. The technology is being used sparsely, however, vishing is still one of the more emerging ways to extract information or money from unsuspecting victims. It’s a new take on an old scam.
Using our common sense and refraining from giving out sensitive information when we don’t really have to, is the best bet most people will have against voice phishing from criminal organizations. This critical attitude should be learned to everyone. On schools, in communities, but also to the elderly and especially to the digitally illiterate people around the globe.
While the new form of scams is still in its relatively early stages, the informed people have the moral duty to warn those that are more at risk. Go through the preventive measures with your loved ones, the people around you. Tell people they shouldn’t just give out sensitive information when they don’t actually need to. Not even to people they know and love. It is the only thing we informed individuals can do to protect the future victims of these harmful and malicious vishing attacks, which will inevitable start emerging once they are more easily available to a wider public around the globe. Stay safe, and protect yourself. Both online and on your smartphone.