Voice phishing (vishing) scams are not really online scams, but they are often linked and are becoming more sophisticated so are worth mentioning here. They use voice solicitation to get information or money from consumers or businesses. The scammer calls the victim and attempts to use social engineering techniques to trick the victim into doing something, often to give credit card details or send money.
Sending email spam and SMS spam is very easy and costs almost nothing. Calling an intended victim personally, on the other hand, takes more time and effort. For that reason, we are less accustomed to vishing and the stakes are often much higher in order to justify the scammer’s time.
One of the major benefits of vishing versus phishing via email is that criminals don’t have to worry about spam filters. Calls in general are far less abundant than email, so there is a higher chance of getting someone’s attention. While phone calls are more expensive than email, VoIP has made mass calling far more accessible to criminals.
To make matters worse, it is almost trivial to spoof a caller ID number these days. If a scammer wishes to present themselves as an official with your country’s tax bureau, it would be easy for them to show you a legitimate tax bureau number on your caller ID.
Bank fraud vishing scams are some of the most common you’ll come across. Scammers will typically pose as a bank representative and tell you there has been suspected fraud or suspicious activity on your account. While some will then try to extract personal or banking information, other scammers have different tactics. One in particular involves persuading targets to install “protective software” on their computer to block any more fraudulent transactions. What the software actually does is allow remote access to the victim’s computer.
We’ll cover tax scams in a bit more detail later, but these are often carried out over the phone or through a combination of phone calls and emails. The first contact via phone may be automated meaning scammers can reach a huge number of targets very easily. It also means they only have to actually speak with anyone who calls back. These callers would be considered “qualified leads” and easy targets at that point since they’ve already fallen for the first stage of the scam. See more tax scams.
Fake prize or contest winnings are often communicated via a phone call or automated voice message. Promised prizes could be in the form of cash, a car, or an all-expenses-paid vacation. In reality, fraudsters are looking to find out personal details for use in credit card fraud or identity theft.
The tech support scam often starts as a phone call and ultimately ends up online, similar to the bank scam mentioned above. This time, a “technician,” claiming to represent a large firm like Microsoft, will tell you your computer is infected and you need to hand over remote support.
Once you do, the fake tech can do whatever they want with your system, including installing malware or ransomware. Typically, once they are finished “fixing the issue,” you’ll be asked to pay for the service. They then have all of your payment info and in some cases can continue to access your computer through the remote access software whenever they want.
This scam isn’t always initiated over the phone and might start via a web page popup that tells you your computer is infected and to call a support number. The popup is usually difficult to get rid of which serves as motivation to call the number provided.
If you get an official-sounding call from a law enforcement or government agency, you’d be forgiven for being scared into handing over details. Criminals prey on this fear and often pose as police or government officers to phish for personal information. Bear in mind, any such legitimate contact would be dealt with in person or at the very least by mail.