Schemers Use Pretexting and Vishing to Gather Passwords and Sensitive Data

How difficult is it to trick someone into revealing sensitive data like passwords over phone calls, text messages, or emails? Sadly, it is easier than you might think as hackers employ phishing techniques like pretexting and vishing that help them establish trust. According to Knowbe4.com findings, almost 38 percent of users with no cyber awareness training fail phishing tests. Thus, if you are not familiar with terms like pretexting or vishing, we recommend learning about them before someone tries using such techniques on you or your loved ones. If you agree that it would be smart to do so, we invite you to read the rest of this blog post in which we talk about the mentioned phishing scam techniques and explain what to do to protect yourself against scammers.

Cybersecurity specialists notice that hackers are creating more sophisticated phishing scams. It means that their attacks might be more difficult to recognize. Further, in this text, we talk about two particular social engineering techniques that might help cybercriminals gain even the most cautious users' trust and make them reveal their sensitive data. They are called pretexting and vishing.

What is pretexting?

The Pretexting technique requires a pretext or a story that would make targeted victims trust hackers and make their requests seem legitimate. Usually, hackers behind such attacks pretend to be someone in authority who, allegedly, needs to know the victim's personal or sensitive information.

To establish trust, they may use information that is already known to them, such as your address, old passwords, billing numbers, and anything else that could be obtained during data breaches, from the dark web, or while dumpster diving. For example, if scammers are after your banking information, they could pretend to be working for the bank or for a company from which you recently purchased something. The pretext could be that someone is trying to steal your money or that the payment you made did not go through due to some error. Such attacks can be initiated over the phone, email, text messages, etc. Thus, cybercriminals might ask to tell the information aloud, insert it into fake websites that are reachable via their provided links, or answer their text messages.

What is vishing?

Vishing is a phishing scam over the phone. How is it different from simple phone phishing scams? Vishing phone calls are usually placed via voice over IP (VoIP) services, which means that instead of waiting for targeted victims to answer their calls, hackers wait for them to call them back. Also, just like with pretexting, such attacks are very well planned. Hackers may use automated voice simulation to trick victims into believing that they are who they claim to be. The attackers may also gain victims’ trust by telling them various personal information that they collect before the attack. What makes such scams more successful than phishing emails or texts is that users might feel like there is no time to think or check facts. Plus, if the scammer says things that only you and, for example, your service provider knows, his story might seem very convincing.

How to protect yourself against phishing scams?

Learn about phishing scams

Luckily, phishing scams are not something new, and so there is plenty of information about such attacks. Thus, you can quickly learn about the most common phishing techniques and the latest hackers’ tactics and schemes if you follow cybersecurity news. There are even tools like the Jigsaw’s Can You Spot When You're Being Phished quiz that allows you to check your knowledge as well as learn how to recognize phishing scams. Remember that the more you know, the better you will be able to spot scams and, most importantly, protect yourself against them.

Do not share personal information carelessly

Phishing scams over the phone and email cannot happen without scammers being able to contact you. Thus, we recommend being extra cautious when it comes to revealing your email address and telephone number. Provide such information only to trustworthy organizations that can keep it safe, and only when necessary. Of course, it is not always easy to avoid data sharing, which is why we recommend having a secondary email address that would be used in times when you need to provide your contact information to shady parties.

Stay alert

It is not enough to know about phishing scams or how to protect yourself against them. Make sure that you use the things you learn daily. Hackers can make it seem like their emails and text messages are coming from reputable companies. They can also use various personal information gathered on the dark web to convince you that you can trust them. Thus, you can never let your guard down. Even if nothing raises your suspicion, it is better to check details like the sender’s email address to be safe. Also, make sure that you check the attacked links and scan received files with a reliable antimalware tool before interacting with them.

Question anyone who asks you to provide sensitive information

Does your bank have the right to ask you for your banking account’s login credentials? The answer is no. Even if someone else is trying to take over your account, your bank should never ask you for such sensitive data. There are plenty of other ways to verify your identity and protect your accounts from criminals. Thus, no matter what is going on, institutions and organizations would never ask you for information that could lead to someone gaining access to your accounts or identity theft over a phone call, text message, or email. Thus, even if it seems like there is no time to think, we advise taking a pause and thinking carefully if the request for sensitive data is legit. If you have any doubts, you can always hang up and use a company’s officially known number to call them back or ask to resolve the matter in their office.

To conclude, phishing scams over the phone, text messages, and emails are becoming more targeted as hackers come up with convincing pretexts to gain access to sensitive information or user accounts. Thus, avoiding them might be difficult even to users who are aware of such scams. Nonetheless, it is not impossible if you stay calm and do not let hackers play with your emotions. Remember that no matter how desperate a situation might seem, you should never provide any sensitive data if you are not one hundred percent sure that it is safe to do so. We also encourage you to keep learning about phishing scams and share your knowledge with others, especially with people who could be vulnerable to such attacks.

By Foley
September 3, 2020
Password Security
English
September 3, 2020
Password Security

Popular Posts

As Fears of the Coronavirus Pandemic Spread, So Does...

4 years ago

Microsoft Warns State-Backed Threat Actors Are Using AI in...

4 days ago

Trojan Al11 Malware Detection & Removal - An Essential...

11 months ago

Pinaview is a Fully-Featured Adware App

10 months ago

"Your iCloud is Being Hacked" and "Your iPhone has Been...

7 months ago

What is Lucky Ransomware?

7 months ago

Related Posts

Tips

Is It Safe to Store Sensitive Data like Passwords on Google Drive?

You must have heard people around you talking about Google Drive, Google's cloud storage service, or you are one of 800 million users who store their passwords, photos, videos, documents, and other important files on... Read more

July 20, 2018
News

Security Researchers Expose Sensitive Data via Malware Analysis Sandboxes

Security experts at the UK-based threat intelligence company Cyjax have studied data submitted to three of our favorite online malware analysis sandboxes and discovered that much of the publicly accessible information... Read more

September 17, 2019
News

Be Careful If You Rely on eyeDisk Flash Drives to Store Passwords and Other Sensitive Data

What is an eyeDisk exactly? It's a flash drive that can store your photos, documents, and other files. The MSRP for the 32GB version is $99. The logical next question is obvious: Why is it so eye-watering expensive?... Read more

May 14, 2019
English
Loading...

Cyclonis Backup Details & Terms

The Free Basic Cyclonis Backup plan gives you 2 GB of cloud storage space with full functionality! No credit card required. Need more storage space? Purchase a larger Cyclonis Backup plan today! To learn more about our policies and pricing, see Terms of Service, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Cyclonis Password Manager Details & Terms

FREE Trial: 30-Day One-Time Offer! No credit card required for Free Trial. Full functionality for the length of the Free Trial. (Full functionality after Free Trial requires subscription purchase.) To learn more about our policies and pricing, see EULA, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Home

Products

Cyclonis Backup Cyclonis Password Manager Cyclonis World Time

Support

Help Files FAQs Downloads Inquiries & Support

Company

About Us Contact Us Report Abuse

Legal (Post Merger)

EnigmaSoft Limited (fka Cyclonis Limited)

Cyclonis Backup's Terms of Service Cyclonis Password Manager's EULA Cyclonis World Time's Terms of Service Privacy Policy Cookie Policy Special Discount Offer Terms Additional Terms & Conditions SpyHunter EULA RegHunter EULA EnigmaSoft Privacy Policy & Cookie Policy ESG Privacy Policy & Cookie Policy EnigmaSoft Discount Offer Terms ESG Discount Offer Terms

© 2017-2024 Cyclonis Ltd. CYCLONIS is a trademark of EnigmaSoft Limited (Cyclonis was merged into EnigmaSoft Limited effective November 25, 2023.) All rights reserved.

Registered Office EnigmaSoft Limited: 1 Castle Street, 3rd Floor, Dublin 2 D02 XD82, Ireland.
EnigmaSoft Limited, Private Company Limited by shares, Company Registration Number 597114.

Windows is a trademark of Microsoft, registered in the U.S. and other countries.
Mac, iPhone, iPad and App Store are trademarks of Apple Inc., registered in the U.S. and other countries.
iOS is a registered trademark of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
Android and Google Play are trademarks of Google LLC.