Schemers Use Pretexting and Vishing to Gather Passwords and Sensitive Data

How difficult is it to trick someone into revealing sensitive data like passwords over phone calls, text messages, or emails? Sadly, it is easier than you might think as hackers employ phishing techniques like pretexting and vishing that help them establish trust. According to findings, almost 38 percent of users with no cyber awareness training fail phishing tests. Thus, if you are not familiar with terms like pretexting or vishing, we recommend learning about them before someone tries using such techniques on you or your loved ones. If you agree that it would be smart to do so, we invite you to read the rest of this blog post in which we talk about the mentioned phishing scam techniques and explain what to do to protect yourself against scammers.

Cybersecurity specialists notice that hackers are creating more sophisticated phishing scams, which means that their attacks might be more difficult to recognize. In the rest of this text, we talk about two particular social engineering techniques that might help cybercriminals gain the trust of even the most cautious users and make them reveal their sensitive data. They are called pretexting and vishing.

What is pretexting?

The pretexting technique relies on a pretext, that is, a story that makes targeted victims trust hackers and makes their requests seem legitimate. Usually, hackers behind such attacks pretend to be someone in authority who, allegedly, needs to know the victim's personal or sensitive information.

To establish trust, they may use information that is already known to them, such as your address, old passwords, billing numbers, and anything else that could be obtained during data breaches, from the dark web, or while dumpster diving. For example, if scammers are after your banking information, they could pretend to be working for the bank or for a company from which you recently purchased something. The pretext could be that someone is trying to steal your money or that the payment you made did not go through due to some error. Such attacks can be initiated by phone, email, text message, etc. Thus, cybercriminals might ask you to say the information aloud, enter it into fake websites reached through links they provide, or reply to their text messages.

What is vishing?

Vishing is a phishing scam over the phone. How is it different from simple phone phishing scams? Vishing phone calls are usually placed via voice over IP (VoIP) services, which means that instead of waiting for targeted victims to answer their calls, hackers wait for them to call them back. Also, just like with pretexting, such attacks are very well planned. Hackers may use automated voice simulation to trick victims into believing that they are who they claim to be. The attackers may also gain victims' trust by citing personal information that they collected before the attack. What makes such scams more successful than phishing emails or texts is that users might feel like there is no time to think or check facts. Plus, if the scammer says things that only you and, for example, your service provider know, the story might seem very convincing.

How to protect yourself against phishing scams?

Learn about phishing scams

Luckily, phishing scams are not something new, and so there is plenty of information about such attacks. Thus, you can quickly learn about the most common phishing techniques and hackers' latest tactics and schemes if you follow cybersecurity news. There are even tools like Jigsaw's "Can You Spot When You're Being Phished" quiz that allow you to check your knowledge as well as learn how to recognize phishing scams. Remember that the more you know, the better you will be able to spot scams and, most importantly, protect yourself against them.

Do not share personal information carelessly

Phishing scams over the phone and email cannot happen without scammers being able to contact you. Thus, we recommend being extra cautious when it comes to revealing your email address and telephone number. Provide such information only to trustworthy organizations that can keep it safe, and only when necessary. Of course, it is not always easy to avoid data sharing, which is why we recommend having a secondary email address to use when you need to provide your contact information to shady parties.

Stay alert

It is not enough to know about phishing scams or how to protect yourself against them. Make sure that you apply what you learn every day. Hackers can make it seem like their emails and text messages are coming from reputable companies. They can also use various personal information gathered on the dark web to convince you that you can trust them. Thus, you can never let your guard down. Even if nothing raises your suspicion, it is better to check details like the sender's email address to be safe. Also, make sure that you check the attached links and scan received files with a reliable antimalware tool before interacting with them.
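
The sender check described above can be run over a message's raw headers. The following Python is an added example, not part of the original post; the brand-to-domain table, the sample messages, and the function names are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: a small table of brands you deal with and the domains they really send from.
KNOWN_BRANDS = {"example bank": {"examplebank.example"}}

# Constructed sample messages (reserved .test / .example domains).
SPOOFED = (
    'From: "Example Bank Security" <alerts@examplebank-secure.test>\n'
    "Reply-To: help@mailbox.test\n"
    "Subject: Your payment did not go through\n\nPlease confirm your login.\n"
)
LEGIT = (
    'From: "Example Bank" <statements@mail.examplebank.example>\n'
    "Subject: Your monthly statement\n\nYour statement is ready.\n"
)

def domain_of(address):
    """Return the lower-cased domain part of an email address, or ''."""
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""

def is_allowed(domain, allowed):
    """True if domain is one of the allowed domains or a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def sender_warnings(raw_message):
    """List reasons the visible sender may not be who the message claims."""
    msg = message_from_string(raw_message)
    display, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    from_dom = domain_of(from_addr)
    warnings = []
    # The display name is free text: compare the brand it claims with the real address.
    for brand, domains in KNOWN_BRANDS.items():
        if brand in display.lower() and not is_allowed(from_dom, domains):
            warnings.append(f"name claims '{brand}' but address is at {from_dom}")
    # A Reply-To on another domain silently redirects your answer elsewhere.
    if reply_addr and domain_of(reply_addr) != from_dom:
        warnings.append(f"replies go to {domain_of(reply_addr)}, not {from_dom}")
    return warnings

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(label, sender_warnings(raw))
```

An empty result is not proof that a message is genuine, because the From address itself can be forged; the check only catches display-name and Reply-To mismatches.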

Question anyone who asks you to provide sensitive information

Does your bank have the right to ask you for your banking account's login credentials? The answer is no. Even if someone else is trying to take over your account, your bank should never ask you for such sensitive data. There are plenty of other ways to verify your identity and protect your accounts from criminals. No matter what is going on, institutions and organizations would never ask you over a phone call, text message, or email for information that could lead to identity theft or to someone gaining access to your accounts. Thus, even if it seems like there is no time to think, we advise taking a pause and thinking carefully about whether the request for sensitive data is legitimate. If you have any doubts, you can always hang up and use a company's officially known number to call them back or ask to resolve the matter in their office.

To conclude, phishing scams over the phone, text messages, and emails are becoming more targeted as hackers come up with convincing pretexts to gain access to sensitive information or user accounts. Thus, avoiding them might be difficult even for users who are aware of such scams. Nonetheless, it is not impossible if you stay calm and do not let hackers play with your emotions. Remember that no matter how desperate a situation might seem, you should never provide any sensitive data if you are not one hundred percent sure that it is safe to do so. We also encourage you to keep learning about phishing scams and share your knowledge with others, especially with people who could be vulnerable to such attacks.

September 3, 2020
