Spurred by the pandemic and driven by people’s desire now, the world of business has gone digital for good. However, that uptick in digital adoption has been accompanied by a rise in cyber threats.
With such prevalence, it is vital that we as digital citizens are aware of digital threats, and know what to do to protect our businesses.
One of the most common ways cybercriminals garner information is through vishing. Let’s discuss what vishing is and how to protect your business from this dangerous act.
What is Vishing?
Vishing is a scam that criminals run over the phone to steal your business information. It is a type of phishing, which is a broader term that includes scams performed via other mediums, like email or text.
Here is some of the information that vishers are seeking:
- Your financial information, such as your bank account and routing numbers or business credit card information
- Other important business information, like usernames and passwords
- Anything else that is vital to the success of your business
Attackers need that information to fully execute their nefarious plans.
Examples of Common Vishing Scams
Vishers try to obtain your business information, and they do so by posing as an entity you presume to be safe and would share such information with. These criminals may claim to be:
- A financial institution: Vishers often pose as a bank or a loan agency with an accompanying story as to why they are seeking this information, and often claim you need to act now or risk losing money or an opportunity to save money.
- A federal agency: Vishers often pretend to be federal agencies such as the IRS and warn that there is an issue that needs to be resolved.
- A trusted organization: From your payroll software support rep to a local supplier, vishers try to impersonate people from organizations that you personally trust. We are living in the age of the internet and social networking. Obtaining your private dealings is easier than you might think.
How to Protect Your Business
The best way to protect your business from vishing scams is by educating yourself and your staff on criminal tactics, and knowing how to respond.
Here are some ways you can protect your business from such threats:
- Be skeptical: Be leery of anybody who contacts you requesting financial or unnecessary business information, especially if they are claiming to be a federal agency or a financial institution. Financial institutions will likely contact you in multiple ways if there is a legitimate concern, and they will not ask you to verify information unless you have called them. The same goes for federal institutions, as they will not reach out to you for business information. They will only obtain that information when you make the call yourself. Although, do keep in mind that criminals can also pose as your institution asking you via a voicemail message or email to call a specific number. Never call a number given to you in a suspicious message. This is just another ploy to cause you to panic, call them, and give them the data they need to move forward with their scheme. Instead, look up the financial institution to obtain the appropriate number to contact them.
- Hang up: Unfortunately, scammers can work around caller ID and can pose as recognized numbers. If you or an employee does answer the call of a scammer, hang up as soon as you suspect illicit activity.
- Be alert: Know the times of year that scammers are most likely to attack, like tax season.
- Train your employees: Make sure your employees have undergone proper training and know how to spot scams, as well as the protocol should they encounter one. This is the MOST IMPORTANT step you can take to reduce the risk of becoming a victim. And, because criminals are always trying to find new ways to attack, your employees must have consistent training to keep them updated on the ever-evolving tactics. Without security awareness training, your employees will not know what the threats look and sound like, which explains the increase in the number of businesses that have fallen victim to a vishing attack.
The Bottom Line
Unfortunately, these scams are becoming more and more prevalent with each passing day, but there are ways to protect your business. You and your staff must constantly stay aware of the threats that exist. Your team must be vigilant in the face of vishing as well as other cyber attacks. It is imperative that they follow a process that includes checking with your company’s IT professional (or the IT company you use) if there is any doubt at all about cyber criminal activity.
Be sure to check out the vishing example listed below and share with your team.
The absolute best investment in terms of safeguarding your organization against vishing and other cyber threats is to invest in regular cybersecurity awareness training for your entire team. Give your team the tools they need to defend your organization.