Most people have been the recipient of a call that sounds alarming and urges them to take immediate action to protect their bank account or prevent a hefty fine from the IRS. However, scammers continue to successfully target unsuspecting consumers to steal sensitive data, such as account numbers or payment information. As scamming methods evolve to better impersonate legitimate businesses, it is more important than ever for companies to take the necessary precautions to protect their consumers.
Businesses that make outbound calls must be particularly careful about securing the channels that they use and preventing spoofing. Even one vishing attack where the imposter pretends to represent your company can damage your brand reputation and ruin consumer trust.
What is vishing?
Voice phishing, also commonly referred to as vishing, is a scam during which cyber criminals use mobile or landline phones to steal personal information from individuals. The scammer calls a consumer to extract information, either by impersonating a legitimate business or a government agency. In an attempt to gain the trust of the call recipient, some scammers will provide personal information that they have found elsewhere to appear more trustworthy. Vishing attacks can come from an actual person, but they also use automated robocalls or a combination of the two methods.
As one might expect from the name of this scam, there are many similarities between phone phishing, smishing, and phishing. Vishing relies on the use of phone calls to extract information, whereas phishing is usually an email-based scam. A phishing attack urges individuals to respond with financial information and login credentials or offers a link that contains malware to infect the device. Smishing is another similar scam that uses text messages that include either a link with malware or a phone number to call, which then leads to vishing. Each of these scams has the same goal: to steal sensitive data.
It is important to understand what voice phishing is so that consumers can recognize an attack and protect themselves. It is equally important for businesses to understand different vishing scams to protect their reputation and reduce the likelihood of spoofing.
How does vishing impact businesses?
The impact on individuals is clear: vishing exposes them to identity theft and financial loss. However, scammers that use voice phishing — especially those that impersonate legitimate companies — can have a serious impact on businesses.
One way it impacts business is by creating a negative customer experience. Once a business has been impersonated by a scammer, 34% of consumers are suspicious of any future calls coming from that business. Even if the consumer receives legitimate calls from them in the future, they are more likely to ignore the call due to previous suspicious activity. These resulting hesitations can be detrimental to customer experience ratings.
It is difficult to regain consumer trust, and that makes it challenging to communicate important information like the results of a medical test, updates to an account, and other critical and sensitive data if you are unable to get the customer on the phone. A negative customer experience also means wasted resources on things like handling calls, emails, and other messages from disgruntled customers.
Another impact of vishing on businesses is a reputation hit. No company wants to be in the news for a data breach or obnoxious scam calls. Similarly, consumers are hesitant to work with companies that they associate with spam calls. In fact, 13% of consumers have switched brands after receiving an impersonation call.
Common vishing scams
Although a vishing attack can take many forms, there are some common methods that scammers favor. Vishing examples include:
- Issues with a credit card or bank account. With a bank account or credit card scam, the caller will say that there is a problem with a recent payment or suspicious activity on the card and request certain information to resolve the issue. They may request that the consumer provide new payment instructions, an account number, an access code, or login information.
- Unsolicited loan offers. These scams often reference a legitimate company and offer loan terms that sound too good to be true. Whether the scammer offers help paying off student loans or exceptional interest rates on a new loan, they typically insist that the consumer must act quickly to get the offer.
- Medicare and Social Security scams. Phone phishing is one of the most common methods that scammers use to target older adults. During a Medicare scam, they call and offer help enrolling individuals in different programs. Scammers may also threaten to suspend or cancel the consumer’s social security number.
- IRS tax scams. The IRS tax scam is one of the most prevalent vishing scams. The caller tells the victim that they owe money to the IRS and that they must pay immediately or face fines and possible arrest. The scammer may claim that there is an issue with a tax return or even suggest that there is already a warrant for the person’s arrest.
How consumers can spot a vishing scam
Consumers should be on the lookout for these telltale signs of a vishing scam when they answer any calls, both from unknown numbers and numbers that appear to be associated with a business.
- The caller claims to represent a government agency. Agencies like the IRS, Medicare, or the Social Security Administration do not initiate contact with you by phone unless you request information from them.
- There is a sense of urgency. The caller speaks quickly and urges the victim to act before it is too late. This sense of urgency applies to both scare tactics and special offers.
- The caller requests personal information. Most businesses clearly state that they will never request personal information over the phone, so any caller that does so should raise suspicions.
How consumers can protect themselves from vishing
The best way to prevent identity theft or financial loss from a vishing attack is by following these suggestions.
- Don’t answer calls from unknown numbers. Most banks and government agencies will not initiate contact with consumers over the phone. It is also important to note that numbers of legitimate businesses can be spoofed, so consumers should not rely on caller ID to determine which calls are safe.
- Hang up any suspicious calls. If the caller requests personal information or does anything else that seems suspicious, consumers should hang up immediately. There is no obligation to carry on a polite conversation. If the call is legitimate, the consumer can call the business back at their publicly listed number.
- Don’t press buttons or respond to prompts. Some automated messages used for vishing can prompt the individual to press buttons for different options or to respond to questions. Doing so identifies the number as a potential target for additional spam calls. Scammers can even record voice responses and use the recordings later for voice-automated phone menus.
- Verify the caller’s identity by calling the company back at the official number listed online. The consumer should never use the callback function of a phone to verify whether a call is legitimate or a scam. Instead, they can call the company associated with the call at the official company public phone number.
What can businesses do about vishing?
The FTC has taken steps to reduce the impact of spoofing on consumers by implementing the STIR/SHAKEN framework. However, this framework only reveals illegal call spoofing. It does not stop or reduce the number of times that spoofing occurs, so it should not be the only thing businesses rely on to protect themselves from the effects of vishing.
Businesses can incorporate Hiya’s Branded Call into their communication with consumers to demonstrate trustworthiness to consumers. With Hiya’s Branded Call, companies can display their name, logo, and call reason on the screen of the call recipient. This transparency signals that the call is coming from a trusted source and that it is not a scam. With improved trust between consumers and businesses, you can have productive conversations with your customers again.
Learn more about 4 Steps to Minimize Fraud & Maximize Security in Your Voice Channel to get started protecting your company and customers from vishing attacks today!