Clemson University is seeing an increase in voice phishing, also known as vishing. Vishing is a social engineering tactic done through phone calls where the caller uses deception and manipulation.
The goal of the vishing phone call is to pose as someone they are not and then to gain access to someone’s account or service. Once the cybercriminals have access to your account, they can change passwords to lock you out of your own account as well as transfer data or even funds from your financial institution.
For example, you may get a call from someone saying they are from your bank, and that they are seeing some potentially fraudulent charges on your credit card. Then, they may ask you to verify some of your information, such as your mailing address, birth date, or account number. Once they have some of that key information, they could then call your actual bank and claim to be you. When your real bank asks for some of your personal information to verify that it is really you calling, the cybercriminals can provide that information because you just gave it to them.
Another example would be someone calling a Support Desk asking for help in resetting their password. When the support person asks them to confirm their identity by sending something to the user’s phone, the fake caller could make up some excuse about how they lost their phone, which is why they are calling to reset their password. The Support Desk employee who is trying to be helpful may then let them skip that step. The cybercriminals sometimes will even research personal details on their victims from social media to help them answer other key information if asked.
To help reduce the risk of becoming a victim of vishing, it is recommended that you don’t answer calls from unknown numbers on your personal phone. If you do get a message or call claiming that there is an urgent issue, like an alert from your financial institution, a billing issue from a service that you use, a family medical emergency, or even someone asking you to do something for them, don’t necessarily trust the validity of that call.
It is always better to verify the information yourself. Hang up from that call and then call the institution, service, or person who supposedly just called you to verify whether the issue is legitimate. Don’t trust that the caller is who they say they are. And verify first, before giving any information or taking any action.
