How to protect your business from 'vishing'?

You might be familiar with phishing emails, but have you encountered phishing over the phone?

When it comes to phishing, you might be up to speed on what a phishing email looks like, or even how your own emails might look like phishing, but phishing isn't limited to emails - it can come over the phone. That's right, nothing is safe these days, not even phone calls.

So what is Phone-based Phishing?

The official term for this is voice phishing, or 'vishing' for short, and it's becoming more and more common, especially for businesses that might not have formal security protocols in place.

Vishing is where a scammer impersonates someone you trust over the phone. This someone could be your bank, a supplier, a government department or even a tech support team.

Their goal?

To trick you or your staff into revealing sensitive information like passwords, payment details or access codes they can use to get into your systems or accounts to scam or hijack funds.

As they're over the phone, the tricks they use to look legitimate and gain your trust look different. Techniques like:

  • Caller ID spoofing: Not sure what spoofing means? It was a new one for us too. It's essentially when a scammer masks their real number to look like a legitimate call from a trusted source.

  • Insider knowledge: Scammers will typically spend time learning about your organisation in order to gain your trust.

  • Urgent or threatening language: By creating a sense of urgency, they'll try to speed you through the process before you have time to really consider what's happening.

What to look out for?

When it comes to vishing, you'll find yourself relying on language a lot to determine authenticity. Here are a few things to keep an eye out for:

  • Phrases like:

    • "We've detected unusual activity on your account" before asking for your login or banking info to verify your identity.

    • "This is [tech company], we're calling as we've identified a virus on your system" before requesting remote access to your computer.

    • "You missed a government payment or form" before putting the pressure on to act immediately to avoid a fine or penalty.

    • "We're following up on an invoice from last month" but you don’t recognise the supplier or the voice.

  • Unexpected contact from a 'trusted source', e.g. a bank, supplier, utility provider or even a charity.

  • A call coming from a blocked or a foreign number. Also be wary of numbers that appear to come from trusted sources or look local, as scammers can use a technique called 'spoofing' to disguise their actual number and masquerade as a trusted caller.

  • Anything that sounds too good to be true. Unfortunately, if it sounds too good to be true, it probably is.

How to tell if a caller is legitimate?

So, what do you do if you're on the phone and you're not sure of the caller's origins?

Here are a few ways to verify who's calling and keep your company safe:

  • Ask for their name and department, then call back: If they're legitimate, they won't hesitate to share these details. Scammers may push back or avoid answering clearly.

  • Use official contact details you've previously been provided or the contact details on the company's website, not the number given over the call.

  • Check for consistency: do the contact details and the methods of contact add up?

  • Trust your instincts: if something feels off, it probably is. Hang up and call back using official details. It's always better to be safe than sorry.

How to protect your team from vishing?

So you know what to look out for now, but what can you do to keep yourself, your team and your customers secure?

1. Train your team

No matter what role they play in your company, everyone should be up to speed on security basics and know to never share sensitive information over the phone unless they're confident of who they're speaking with. Set up regular training to ensure your team is across the basics and provide them with the resources they need to stay safe.

2. Slow down the conversation

If you're ever in doubt, slow the conversation down with a simple 'let me call back', giving you a bit of time to verify the caller's identity.

3. Use official contact details

If someone calls claiming to be from your bank, hang up and call back using the bank's official contact details. Don't rely on the number provided to you on the call.

4. Keep a record of unusual calls and numbers

This can be a living document of unsafe numbers, patterns or phrases your team can use to identify potential scams in the future.

Vishing scams are designed to feel urgent, official and trustworthy, but with caution and the right tools you can easily avoid being scammed or compromising security. Knowing what to look out for goes a long way in ensuring you don't become a target.

Want to learn more about how to keep your team and your company safe?

Check out our other blogs here on cybersecurity for more ways to protect your staff and organisation.