Voice call phishing, or vishing, can affect anyone who owns a phone–which is to say nearly everyone. If you don’t know a lot about this type of scam, stay on this page. We’ll walk you through the risks, plus how to protect yourself with a VPN.
One of the most common forms of cyber scam that you’ve probably already heard of is phishing, where criminals send out emails that appear to be from your bank or from another trustworthy company like Google, and ask you to send your username or password. These emails are often cleverly crafted to appear genuine, with the from address masked to appear to be from a legitimate account, and with all the banners, logos, and design that you would expect an official email to contain.
Phishing emails can appear to be legitimate as there are times at which a company will email you to confirm your account details, for example by clicking a link to authorise a login to your account. But in fact, these emails are scams that are designed to harvest usernames and passwords for popular services like banking, Facebook, or Google. Phishing has become so common that many people already know about it and know to be wary when they receive an email asking for their username or password.
However, there is a variation on phishing which has become more common in recent years and which people may not know about yet. It’s called vishing, or voice call phishing, and it involves using voice calls to steal people’s login information for sensitive sites like online banking – either in order to steal money directly from the account, or in order to commit identity fraud and set up purchases and credit in the victim’s name.
In this article we’ll explain more about what vishing is, how it operates, and then share tips on how to keep yourself safe from these types of scam. Read on to learn all about vishing in our vishing explained post.
What Is Vishing?
When you start learning about cyber security, you’ll find that there are a whole host of different sorts of cyber attack that you need to protect yourself from. Some of the most common security threats that we face every day are public wifi hotspots can enable other people to hack your accounts or dubious ‘security software’ which actually makes you less safe. Not to mention issues like botnets which use your device’s processing power for unsavoury ends or websites that use your device to mine for cryptocurrency without your permission. Phishing is one of the most common scams because it is so easy to send out huge numbers of emails to multiple different targets with no human effort required. You just set up an auto emailer and send out thousands of emails until someone falls for the scam and sends you their login info.
In recent years, however, people from all around the world have become much more aware of scamming techniques. Better education about online security and increasing internet use among all people has meant that victims are less likely to fall for a phishing scam than they used to be. It’s common now to hear the advice that you should never send your username or password over email, so phishing scams are becoming less effective. Unfortunately, this doesn’t mean that scammers have stopped scamming. Instead, they’ve moved over to more complex scams like vishing or smishing.
RELATED READING: Smishing explained
Vishing simply refers to a phishing scam that is conducted via voice call. Typically, a victim will get a call on their private mobile phone. The number calling may be a local area code and may even be a familiar number. When the victim answers the phone or lets it go to voicemail, a robotic voice informs them that their bank account has been compromised or that they need to verify their login information for a site like Google or Facebook. The victim is told that this is important and they must call a given number right away. If the victim calls the number and gives their login or password information, their details will be stolen by the scammers and used for identity theft.
6 Tips To Protect Yourself From Vishing
It might seem as if it would be very obvious when you are being vished. And, like spam emails, plenty of vishing attempts are clumsy and obviously fake. However, there are tricks to make a vishing attempt seem totally genuine which people might not be aware of. For example, it’s actually really easy to spoof a caller ID.
When someone calls you and you see the incoming number on your phone screen, you might think that if you recognise the number then it couldn’t be shady. But in fact, spoofing caller ID is just a matter of technical know-how, so smart scammers will fake their number to appear to come from a legitimate source, like the phone number of the local branch of your bank. You can’t trust that just because the number on your screen is familiar, the call is actually coming from that number.
To avoid becoming a victim of a vishing scam, keep these tips in mind:
Anyone can get vished, even if you think your phone number is private
If you’re careful with your phone number and you don’t give it out to suspicious parties then you might think that you are safe from vishing. After all, the scammers need to know your number to be able to scam you. But actually there are a couple of ways that scammer can get hold of your phone number. The first is random dialling, like calls centres or phone marketers sometimes do. Basically, you just call random numbers until one of them connects, and there’s no protection against this for users. The second way that scammers get phone numbers is through data leaks. If you’ve ever entered your phone number into an online form, there’s a possibility that the company holding your data has been hacked and that your phone number is therefore available for purchase for scammers on the dark web.
Lean about caller ID spoofing and don’t always trust caller ID
If you get a call from an unknown number, it’s easy to avoid it. But you should remember that just because a number looks legitimate, doesn’t mean that it necessarily is. If you’re in doubt – for example, if you get a call claiming to be from your local bank branch – then you can always hang up and then call the number you know to be legitimate. This ensures that you are connected to the actual number that is appearing on your screen. If you’re worried about this, there are caller ID apps that let you get more information about the origin of a call and that could help you to identify location spoofed calls. Check your phone’s app store to find more detailed caller ID apps.
Never give out identifying information over the phone
Too many businesses have the bad habit of calling customers and then asking them to provide identifying information like usernames, passwords, or dates of birth. This is terrible security practice and you don’t have to engage with it. If someone calls you, never give them any information over the phone. You should only answer security questions when you have called the company, not the other way around.
Beware of messages from voice-to-text synthesizers
It’s increasingly common to hear calls from robotic sounding voice-to-text synthesizers, which could be giving you information or could be just spam. Be suspicious whenever you hear this a pre-recorded or robotic message, as it’s very likely that this message is being sent to hundreds or even thousands of people. The use of speech synthesisers doesn’t necessarily indicate a scam, but it is suggestive of one.
Be suspicious of voicemails
Another variation on the vishing scam is leaving voicemails which ask for confirmation of account details. Often these messages will offer you a free prize or free money if you respond to the call. Be highly suspicious of such voicemails and once again, if you call back then you should never give out identifying information when you’re on the phone with a number you don’t recognise.
Be aware of location-based scamming
One way that scammers try to make a vishing scam seem more legitimate is to send you the vishing message when you enter a new area or region. For example, if you travel to a new city then you might get a message when you arrive alerting you to ‘suspicious activity’ on your account and asking you to confirm your account details. A good way to protect yourself from this type of scamming is to use a VPN which will hide your IP address so that scammers can’t access accurate information about your current location.
Beat Location-based Vishing With A VPN
One good way to avoid scams is to use a VPN to keep your phone safe – both from location-based vishing scams and from other security threats like hackers, malware, and more, then we recommend the use of a VPN. A VPN is a piece of software that you install on your phone that both hides your real IP address and hence disguises your actual location, and also encrypts all of the data that you send over the internet. This means that no one can track your internet use or work out your real location from your phone data.
If you’re looking for a VPN to protect your phone, here are the key factors that you should consider when choosing a VPN provider:
- Excellent security. To keep your data safe you want key security features like strong 256-bit encryption and a no logging policy.
- Fast connection speeds. It’s a big pain to deal with a slow internet connection, so you want a VPN with super fast connections that you won’t even notice are there.
- Software that works on your phone’s operating system. You need to install the VPN software onto your phone, so you should select a VPN provider that has an app available for the phone that you use.
- A big network of servers. To get the best speeds possible from your VPN, you need to connect to a server that’s nearby to your actual location. So it helps to use a VPN provider that has many different servers available in many different countries.
When we looked at all of these different factors, here are the VPNs that we recommend:
When you want a VPN that has everything: great security, fast connections, and easy to use software, then we recommend ExpressVPN. With a massive server network covering more than 3,000 servers in 160 different locations in 94 countries, plus great security features like the use of strong 256-bit encryption and a no logging policy, this service has everything you could want from a VPN. There are even extra security features in the software like a speed test to help you find the best server and DNS leak protection for maximum peace of mind. The software is available for phone platforms iOS and Android, plus others like Windows, Mac OS, and Linux.
Read our full ExpressVPN review.
- Unblocking Netflix, iPlayer, Hulu, Amazon Prime
- Fastest servers we have tested
- Torrenting/P2P allowed
- Strict no-logs policy for personal information
- Live chat support available.
- Max 3 connections simultaneously
- Slightly pricier than competition.
For those are concerned above all else with security, we recommend NordVPN. You’ll get the key security features like 256-bit encryption and a no logging policy, but there are also special dedicated servers for more advanced security options like anti DDoS, dedicated IP, onion over VPN, double VPN, and P2P servers.
The server network is absolutely huge, covering more than 5,100 servers in 59 different countries, and in the software you’ll find extra security features like a CyberSec feature to protect you from malware when browsing, or an app-specific and a general kill switch so you’ll never send data unencrypted by accident. The software has a map interface which makes it easy to use and can be installed on phones running iOS, Android, and Windows Phone, or on computer running Windows, Mac OS, Chrome OS, or Linux.
Read our full NordVPN review.
- Optimized servers for unblocking Netflix
- Mind-boggling number of servers
- DNS leak protection, kill switch
- No logs and encrypted connections for total privacy
- Customer Service (24/7 Chat).
- Not much
- Apps can be a bit cumbersome to use.
If you’re new to VPNs and you want on which is dead easy to use but still has all the features you need, then CyberGhost is a great choice. The graphical interface of the software means that you just have to select the option you want from capabilities like browsing anonymously, torrenting anonymously, or unblocking websites. Simply click the button of your choice and you’ll automatically be connected to the best server for your needs with the options already optimised.
As well as fast speeds and good security like 256-bit encryption and a no logging policy, there are also extra security features like an automatically enabled kill switch. CyberGhost is also notable for its massive network, currently numbering over 5,700 nodes in an incredible 90 countries. The software is available for phones running iOS or Android, or for computers running Windows or Mac OS.
Read our full CyberGhost review.
- LOW PRICE: 6 EXTRA free months (79% off - link below)
- Great user experience and easy installation
- Robust encryption standards
- Zero logs
- 45-day no-quibble money back guarantee.
- Some streaming sites cannot be unblocked.
IPVanish has super fast connections so you’ll never be stuck waiting for a page to load or a video to buffer because of your VPN. And in addition, the security is great with key features like 256-bit encryption and a no logging policy, plus more features available in the software including a kill switch to stop you from accidentally sending data over an unsecured connection, as well as auto reconnect, leak protection for IPv6 and DNS, periodic IP address change, and manually configurable DNS. The large network of servers covers 850 servers in 60 different countries to meet all of your needs, and the IPVanish software is available for phones running Android, Windows Phone, or iOS, plus other devices running Windows, Mac OS, or Linux.
Read our full IPVanish review.
Vishing is yet another in the long line of increasingly sophisticated scams that target mobile phone users. Using tricks from spoofing caller ID to detecting your location and tailoring the scam accordingly, these techniques are becoming more and more convincing so users need to be more and more careful. Use our advice like avoiding calls from unknown numbers and never giving out identifying information to anyone who calls you in order to keep yourself safe.
Another method to keep yourself and your phone safe is to use a VPN to encrypt your traffic and hide your location. We’ve recommended a selection of VPNs that will help to keep you safe from location-based scams or cyber threats like malware or hacking.
Have you ever received a vishing scam message? Are they common where you live, and if so, how do you handle these calls? Let us know in the comments below.
If you need a VPN for a short while when traveling for example, you can get our top ranked VPN free of charge. ExpressVPN includes a 30-day money-back guarantee. You will need to pay for the subscription, that’s a fact, but it allows full access for 30 days and then you cancel for a full refund. Their no-questions-asked cancellation policy lives up to its name.