After phishing, vishing! With this new telephone scam technique, cybercriminals collect their victims’ personal information to empty their bank account by going without their bank advisor… And it works!
Telephone canvassing since 06 and 07 and canvassing for the CPF may have been banned, but the French are not yet at the end of their troubles! Scammers are very imaginative when it comes to tricking their victims and extracting money from them. And what better than to have them online to manipulate them into giving them, in confidence, their bank account PINs and other sensitive personal information?
While phishing scams – when cybercriminals try to retrieve personal data through fraudulent links sent by email or text message – have increased in recent times, the new trend is vishing, as reported the Cybermalveillance alert, the Government service. This neologism results from the contraction of “voice” (voice) and “phishing” (phishing), and designates a scam where malicious people contact the victim by telephone pretending to be their bank adviser – but other thefts of identities are possible, such as a government organization – in order to alert them to suspicious movements on bank accounts – which is obviously false. As the victim panics and then finds himself pressed by the situation, he ends up falling into the trap and giving up his personal and especially banking information, even validating transactions himself. No wonder that in just a few months, vishing has become one of the most profitable remote scams – especially since it is carried out at a low cost.
The goal of a vishing attack is the same as that of a phishing attack: to steal the victim’s banking information. However, her strength is that she uses social engineering methods, which take advantage of the victim’s feelings, including fear, angst, and greed. Hackers will do anything to arouse these emotions and thus cloud his judgment and gain his trust. They will then make him believe that his account has been compromised and that his money is no longer safe – but this also works with incredible investment promises, the renewal of his vital card or the victory of a competition – and create the impression of having to act quickly so as not to give him time to analyze the situation and use his critical thinking. Suffice to say that the role of a bank advisor is perfect for obtaining this kind of reaction.
This scam takes advantage of the current context, where data theft is on the increase – in just a few weeks, Twitter has leaked the data of no less than 235 million users, and Deezer that of 250 million of them – and where it has never been so easy to retrieve personal information from the Dark Web. So many elements that make the speech of hackers credible, especially since they do not hesitate to adapt the content of their calls by using elements such as name, date of birth, postal address, even account number. of the victim to put her at ease. And if it falls into the trap, it risks suffering from credit card fraud, the contracting of loans in its name or the theft of its social benefits or its savings.
What are the different types of vishing scams?
Typically, scammers contact their victims to inform them that their bank account has been compromised and could be the target of a cyberattack. They will then try to persuade them to transfer the money from their bank account to another supposedly “secure” account or to give them their login details so that they can fix the problem. However, a bank will never ask for such requests over the phone! While this is the most common type of vishing, there are other variations, however. The Autorité des marchés financiers (AMF) has notably alerted to a currently active campaign of fraudulent calls from people claiming to be investigators from the financial institution and who are offering victims of crypto-asset investment scams get their funds back – so they get ripped off twice.
Other scammers contact potential victims to offer them a loan, reward, or too-good-to-be-true investment opportunity. They can also pretend to be tax collectors and threaten or intimidate them by inventing unpaid tax debts and large penalties – a most destabilizing type of appeal! They can even impersonate a Medicare or Social Security representative! In short, we have understood that they are not lacking in imagination and are capable of inventing all sorts of scenarios.
Above all, it should be understood that calls are not safe and should be handled with caution. Even a known number displayed is no guarantee of security. Indeed, telephone spoofing makes it possible to falsify a telephone number – which is actually not very complicated – in order to usurp the identity of a person who is a member of public authorities or institutions. This is why it is important to avoid sharing any personal information (telephone, e-mail, identity documents, RIB, IBAN, proof of residence, etc.) by SMS or voice call, especially when the identity of the interlocutor has not been verified. Even if he provides personal information to prove who he is, the legitimacy of the request should be independently verified by calling the public and official telephone number to reach the organization or company in question.
“Never will an adviser from your bank ask you to communicate your password, confirmation codes or to carry out validation or cancellation actions on your banking application for alleged fraud in progress on your accounts”, explains the Government. Finally, it is better to have strong and unique authentication to access your account and, if possible, activate two-factor authentication.
What to do in the event of a vishing scam?
In the event that the victim has shared their personal and banking information over the phone or suspects that they have been the victim of vishing, they must act quickly. You must immediately block your credit card and change the passwords that allow access to the accounts. The bank’s objection telephone number is listed on its website and on its ATMs. It is also possible to contact the interbank card opposition server by telephone on 0 892 705 705 (surcharged number), a service which is open 7 days a week, 24 hours a day.
If the scammers have already started using it, you must immediately identify the fraudulent transactions as well as the beneficiary accounts and, above all, keep the evidence, such as telephone numbers, messages or e-mails received, transfer orders, payment records or any other information that could be used to report the scam to the authorities. You must then contact your bank as soon as possible, which will indicate the steps to be taken to minimize the consequences of the scam as much as possible. As the Government points out on its website, “depending on the case, request reimbursement, suspension or return of funds. Your bank may require a copy of your complaint to process your request.”
Precisely, it is essential to report the facts on the platform Percival. It belongs to the Ministry of the Interior and allows victims of credit card fraud to report the scam they have suffered online – including when the bank has reimbursed them. Reporting will help authorities identify the perpetrators of these frauds. Finally, the victims must file a complaint with the police station or the gendarmerie brigade, or write to the public prosecutor of the judicial court on which they depend, providing all the evidence in their possession.
To be accompanied in their procedures, victims can contact an association of France Victims at 116 006 (free call and service), which is the Ministry of Justice’s victim support number open 7 days a week from 9 a.m. to 7 p.m., or from the platform Info Scams from the Ministry of the Interior on 0 805 805 817 (free call and service), which is open from 9 a.m. to 6.30 p.m. from Monday to Friday. Finally, it is better to secure all your electronic devices by carrying out security updates and performing a scan via your antivirus to be sure that you have not been hacked.