(Check out the full list of free security awareness episodes here)
The latest security awareness video covers “vishing” which is defined as the fraudulent practice of making phone calls or leaving voice messages purporting to be from reputable companies in order to trick individuals to reveal personal information, such as bank details and credit card numbers.
Recently I listed an item for sale on my local classifieds. Within seconds, I received several text messages and calls from seemingly interested buyers. I quickly noticed some of the messages had egregious misspellings and were from obscure, non-local numbers. I work in the cyber security industry and am aware that spam can occur when posting a phone number publicly. I disregarded the odd messages and odd phone numbers as scams – except for one.
One of the calls was from a local number. It was a legitimate buyer – or so I thought. After a few reasonable questions, they asked me to verify I was a legitimate seller. I wasn’t sure how I would prove that, but they made a suggestion I could verify I was legitimate by sending them the six-digit code just sent to me. Immediately my internal alarms triggered. I knew it was another scam attempt because a six-digit code wouldn’t prove anything. Nevertheless, sure enough, I received a text with a six-digit code to my cell. The message was from Google Voice with a warning to not provide the code to anyone.
As stated earlier, I work full-time in the cyber-security industry. I read about and teach others on how to recognize the signs. I knew this was a scam and blocked the number right away. But there are those who don’t know the signs and that’s who the scammers prey on.
Who are these scammers? Typically they are individuals looking for a pay-day or full-fledged hacking companies who even have an HR department. In the above example, if I had provided the six-digit code the individual could have been able to use my phone number to carry out illegal activities, and if they found enough information, could have the ability to compromise my Google account.
Think you can spot a vishing scam? Scammers get better every day and have more resources than ever before. Be vigilant, cautious, and skeptical. Even security professionals can fall for a scam if care isn’t taken. Check out the latest free security awareness episode on vishing as Sid – the ever-vigilant cybersecurity professional – let’s recognition go to his head and gets scammed. These videos are provided by the National Cyber Security Alliance in partnership with Adobe and Speechless Inc.