Vishing – how to gain access to a phone account in 30 seconds

Vishing is a form of scam perpetrated through phone calls. Using social engineering tactics, the con artist deceives the receiver in order to obtain data and information that can be exploited later for a larger or more targeted attack.

In this video, a social engineer was challenged to obtain access to a phone account. She succeeded in just 30 seconds. How did she do it?

  1. She spoofed her call so that it would appear to be from the number belonging to the guy who challenged her, giving more credence to her ruse;
  2. She played the stereotype of the busy mum overloaded with things to do and a crying baby; in this role, she claimed she couldn’t remember the email address used to log onto the account.

We don’t know who was on the other end of the line, but he/she was moved by this situation and fell into the trap.

Result: email address obtained.

  3. By giving her name and a fake Social Security number, she managed to set up personal access to the account and set a new password – the receiver did everything he/she could to help the stressed mum.

Result: full control of the account; its owner was locked out.

Life savings lost in vishing fraud

Vishing scams are more common than you think. Earlier this month, a retired lady from Edinburgh was persuaded to transfer her savings into a fraudulent bank account. She received a phone call from someone impersonating an employee at her bank, who convinced her that someone had tried to use her bank card and that it was in her interests to move her savings into a ‘holding account’.

Vishing, smishing and phishing

Depending on the means used to deceive victims, these frauds are known as vishing (phone), phishing (email) and smishing (mobile text message). Falling prey to these scams is very easy if you don’t know what they are and how to respond when you receive a scam call, text message or email. What if you reveal your PIN or National Insurance number to someone who claims to be from the bank or HMRC? Learn the basics of these frauds and how to recognise them with the Phishing Staff Awareness Course.

Recognise fraud before it’s too late with the Phishing Staff Awareness Course >>

See our suite of e-learning courses to improve your knowledge of information security, DPA and PCI compliance requirements.

New to IT Governance staff awareness e-learning courses?

To encourage you to discover and benefit from our e-learning courses we are offering you a year’s subscription to one of our courses of your choice for an introductory £0 per user, for as many users as you need, until 15 July 2016. All you pay is the cost of setting up your LMS, training your administrator and applying core customisation of your selected course (a total of £1,000).

Don’t miss this special offer, buy now >>