Skip to content

Vishing

Detection

  • If callers are legitimate, it should not be difficult to authenticate their professional affiliation with another phone call. If they do not provide the information necessary to verify their identity, they can not be trusted.
  • Callers creating a sense of urgency is a huge social engineering red flag.
  • Caller sending unsolicited email or SMS messages is another red flag.

Mitigation

  • Hang up as soon as you notice it is a robocall.
  • Never say “yes” to any question.
  • Ignore any and all instructions, not even seemingly harmless instructions. Slippery social engineering slope.
  • Write down any information the person or robot provides on the call — without providing any details of your own. Do not give out any personal information over a phone, ever.
  • Do not click on links in emails or in mobile phone SMS text messages the caller might send.
  • Phone technology that locks a phone line after hanging up and redirecting next calls to the fraudulent caller exists. Do not call back using the same phone on which you received the call.
  • Note the number, what they said/did and report the call to a “Do Not Call” registry and/or anti-fraud program (if existing in your country).

Prevention

  • Keep your phone number private (including on social media).
  • Be aware of caller ID spoofing.
  • Do not answer unknown numbers. Many mobiles offer a “whitelisting” tool that will allow calls only from numbers in your contact list. Use it:
  • On iPhones (iOS 13 and later), go to Settings -> Phone, scroll down, tap Silence Unknown Callers, and turn it on. Calls from unknown numbers are silenced and sent to your voicemail, and will appear in your recent calls list.
  • On Android phones, tap the phone icon at the bottom of the home screen, then in the top right corner of the screen, tap the three dots -> Settings -> Blocked Numbers. Enable Block Calls From Unidentified Callers by tapping the toggle switch on the right.
  • Google’s Pixel phones have a tool called Call Screen. When you receive a call from any number, you can tap Screen Call on your home screen and Google Assistant will answer it for you and ask the caller to identify himself or herself and the reason for calling. When a caller responds, a real-time transcript of the response is displayed.
  • Ask governments for “Do Not Call” registries and Anti-fraud programs, if not available yet.