Online criminals are pros at developing new cons to steal information — and “vishing” might be one of the most sophisticated schemes yet.
Vishing — a term that combines the words of “voice” and “phishing” — involves callers who use spoofed phone numbers to make it appear as if the calls originate from legitimate numbers or an 800-numbers.
The vishing caller often directs the employee to a fake website with “some security terms to make it look like they are from the IT department,” according to a recent National Law Review report.
The caller then tells the employee he or she needs to update the VPN or add additional security measures and sends the employee an email from the fake company email address.
Next, the caller convinces the employee to put his or her username and password into the pop-up, allowing the criminal to access the employee’s account.
Once cybercriminals have access to an employee’s account, they can gain access to the organization’s network.
To avoid these types of social engineering scams, the CyberSafe at USPS recommends the following:
• Don’t click on any link or attachment from a phone number you do not have saved in your contacts list or if you cannot verify the sender.
• Filter messages from unknown senders and block notifications from unsaved mobile phone numbers to decrease the likelihood of falling for smishing scams.
Here’s how to filter unknown numbers on mobile phones:
• Apple users: Go to “Settings,” then “Messages” and toggle on the “Filter Unknown Senders” option. This will create a new tab in your Messages app called “Unknown Senders.”
• Android users: Go to “Settings,” then “Spam Message Settings” and select the “Block Unknown Senders” option.
The CyberSafe at USPS Blue and LiteBlue pages have additional information.