With the rise of digital technologies, scammers have found new ways to deceive individuals and organizations for personal gain. One of the latest methods gaining traction is vishing, a form of cyber attack that uses voice communication to manipulate victims into providing sensitive information such as bank account details, passwords, and social security numbers.

One well-known vishing attack is the Microsoft Tech Support Scam. Your phone rings. The person on the other end of the call tells you they’re a representative from Microsoft Tech Support and they’ve been monitoring your computer. Then, they tell you that your computer has been infected with a virus or malware and that you require immediate tech support to remove the files and protect your data. Unsurprisingly, they’re ready and willing to help! They offer to provide technical support to remove the threat instantly. There’s just one thing you need to do. There are various forms of this scam: they may ask you to give them remote access to your computer (at which point they can install ransomware or freeze your files until you provide payment), they may convince you to download software that will “remove the threat” but really just allows the attacker to gain control of the computer, or they may simply ask for credit card information to get payment for the supposed technical support services (after which, they’ll either charge you for removing the imaginary threat or use your credit card number for identity theft).

This scam has been ongoing for many years and targets individuals and businesses worldwide. Microsoft has repeatedly stated that they do not initiate unsolicited phone calls, and anyone claiming to be a representative of Microsoft in this manner is likely a scammer. But this isn’t the only vishing scam around.


What is Vishing?

While “phishing” has become a fairly well-known type of cyber attack, vishing is less talked about—but just as dangerous. Vishing is a type of scam where cybercriminals use voice calls (instead of emails like in phishing) to trick individuals into providing sensitive information such as account details, credit card numbers, and passwords. Like phishing, it uses social engineering, meaning attackers manipulate their victims’ emotions using persuasive language to gain their trust and deceive them into revealing confidential information.

How does Vishing work?

In a typical vishing attack, the attacker might impersonate a trusted authority figure, such as a bank representative or government official, to gain the victim's confidence. They then use various techniques to pressure the victim into revealing personal information, such as threatening legal action or promising to offer financial rewards. The attackers may also use spoofing techniques to make it appear as though the call is coming from a legitimate source, such as a bank or a government agency. Perhaps you’ve received one of those calls about “non-payment of taxes,” “a warrant out for your arrest,” or “the last chance to renew your car’s warranty.” These types of phone calls are vishing attacks. By using scare tactics, they hope to have you provide credit card information to make a payment “right now” to fend off what may seem like drastic consequences. 

Vishing attacks can have serious consequences for individuals and businesses. The information obtained by the attackers can be used to steal money, commit identity theft, or gain unauthorized access to sensitive systems and networks. In addition, vishing attacks can undermine the trust that people have in legitimate organizations, leading to reputational damage to the company the scammers are impersonating (even though the company has nothing to do with the attacks).

How to protect yourself?

Always be wary of unsolicited calls, verify the identity of callers, and use two-factor authentication for sensitive accounts. By remaining vigilant and taking proactive steps to prevent vishing attacks, individuals and organizations can reduce their risk of falling victim to this dangerous threat. For additional protection, consider effective data backup and recovery solutions. Rubrik is a cybersecurity and cloud data management company that provides various solutions to help protect your organization against cyber threats. 

Rubrik’s Zero Trust Data Security solutions help restore lost data and minimize the impact of cyber attacks. When data is regularly backed up and safeguarded, and interactions are validated at every level, organizations reduce their vulnerability to data loss and improve their recovery times.

According to the FBI, vishing attacks increased by 50% in 2020, with losses totaling $1.8 billion. These statistics highlight the urgent need for individuals and organizations to educate themselves and their staff and take multiple measures to protect themselves against vishing attacks.