Have you trained your staff against phishing? To be cautious when they receive an email with a link. To double check before acting on an email requesting payment, even if it appears to be from a trusted supplier? That’s a good start. Now they need to be equally sceptical when they receive a VoIP call, say from a bank.
Vishing is a criminal activity, similar to phishing, where the fraudster calls using VoIP, purporting to be from a bank (etc.) and tries to trick staff into revealing financial information. Here we take a brief look at why vishing is on the rise, and what a business can do to protect itself.
VoIP makes international calls cost effective
The global reach of VoIP and its relatively cheap cost (versus PSTN) mean attackers can target firms across the other side of the world.
Setting up VoIP is simple. For a fraudster, all that’s needed is an IP phone, router and an IP-PBX to connect to the Internet. The equipment is cheap and easy to obtain, and can be set up with basic IT skills.
Falsifying call details
A fraudster can update the caller ID that the recipient sees, tricking them into believing they are speaking with a legitimate contact.
Also, as reported by the BBC last year https://www.bbc.co.uk/news/uk-scotland-glasgow-west-43129709 they can also falsify their number, making it appear that the call is coming from a specific bank. In this instance, the victims were encouraged to check the caller’s number using Google.
How can a business protect itself from vishing?
Vishing is difficult to guard against using technology, as the caller appears to be genuine. The key security measure is staff training, encouraging people to be sceptical when receiving a call. There must be clear company procedures regarding business communications, especially disclosure of sensitive information.
Businesses should also speak with their VoIP wholesale provider, such as visit IDT Express. A top class provider will be able to advise on the risks and how to mitigate them.
Vishing is undoubtedly on the rise, owing to the low cost and simplicity of setting up VoIP, and the ability to impersonate legitimate callers. Businesses need to encourage staff to be vigilant when receiving a call.
Remember, nothing is as it seems; even the caller’s number and ID can be spoofed.