Voice phishing

Voice phishing, or vishing,[1] is the use of telephony (often Voice over IP telephony) to conduct phishing attacks.

Landline telephone services have traditionally been trustworthy; terminated in physical locations known to the telephone company, and associated with a bill-payer. Now however, vishing fraudsters often use modern Voice over IP (VoIP) features such as caller ID spoofing and automated systems (IVR) to impede detection by law enforcement agencies. Voice phishing is typically used to steal credit card numbers or other information used in identity theft schemes from individuals.

Usually, voice phishing attacks are conducted using automated text-to-speech systems that direct a victim to call a number controlled by the attacker, however some use live callers.[1] Posing as an employee of a legitimate body such as the bank, police, telephone or internet provider, the fraudster attempts to obtain personal details and financial information regarding credit card, bank accounts (e.g. the PIN), as well as personal information of the victim. With the received information, the fraudster might be able to access and empty the account or commit identity fraud. Some fraudsters may also try to persuade the victim to transfer money to another bank account or withdraw cash to be given to them directly.[2] Callers also often pose as law enforcement or as an Internal Revenue Service employee.[3][4] Scammers often target immigrants and the elderly,[5] who are coerced to wire hundreds to thousands of dollars in response to threats of arrest or deportation.[3]

Bank account data is not the only sensitive information being targeted. Fraudsters sometimes also try to obtain security credentials from consumers who use Microsoft or Apple products by spoofing the caller ID of Microsoft or Apple Inc.

Audio deepfakes have been used to commit fraud, by fooling people into thinking they are receiving instructions from a trusted individual.[6]

  1. ^ a b Griffin, Slade E.; Rackley, Casey C. (2008). "Vishing". Proceedings of the 5th annual conference on Information security curriculum development - InfoSecCD '08. p. 33. doi:10.1145/1456625.1456635. ISBN 9781605583334.
  2. ^ "'Vishing' scams net fraudsters £7m in one year". The Guardian. Press Association. 2013-08-28. Retrieved 2018-09-04.
  3. ^ a b Olson, Elizabeth (2018-12-07). "When Answering the Phone Exposes You to Fraud". The New York Times. ISSN 0362-4331. Retrieved 2021-04-08.
  4. ^ "Chinese Robocalls Bombarding The U.S. Are Part Of An International Phone Scam". NPR.org. Retrieved 2021-04-08.
  5. ^ Hauser, Christine (2018-07-23). "U.S. Breaks Up Vast I.R.S. Phone Scam". The New York Times. ISSN 0362-4331. Retrieved 2021-04-06.
  6. ^ Statt, Nick (2019-09-05). "Thieves are now using AI deepfakes to trick companies into sending them money". The Verge. Retrieved 2021-04-08.