Los cyber criminals increasingly use more techniques to steal our data. The most frequent is ‘phishing’. The scammer impersonates a third party via email to trick the victim into sharing their personal information. It is considered one of the easiest methods to effectively carry out a cyber attack.
Another very similar technique is ‘smishing’. The National Cybersecurity Institute (INCIBE) explains what it consists of: «It is based on the sending an SMS by a cybercriminal to a user pretending to be a legitimate entity«. The objective is, again, to steal your private data or charge you money. The entity warns that, generally, the message invites to call a special rate number or access a link to a fake website under a pretext.
In recent weeks, another scam has been detected that, although it is not new, is not as well known. is the call ‘wishing’. Therefore, if you have received a double call from “your bank” you should be very careful because you could be the victim of a scam.
What is vishing?
It is possible that in the last few months you have received one or more Phone calls in which the operator identifies himself as a worker of a company, generally of your bank. If you also ask for personal data or even remote access to some device, you must activate all the alarms. The Internet Security Office (OSI) warns that, surely, you are being the victim of a scam.
This fraud is known as ‘vishing’. It is very similar to ‘phishing’, but in this case the voice is used. The The criminals’ modus operandi is divided into two steps:
-
1
First of all, the attacker has previously obtained confidential information about the victim, such as their name and surname, email, address, part of their credit card information, etc. It is very likely that he obtained this data through ‘phishing’.
-
2
Once that information has been obtained, the criminal makes the call, posing as the bank, a courier company or a technical service to use the previous information and gain the trust of the victim to reveal more information or even make some payment.
How to identify ‘vishing’?
The Internet Security Office explains that this type of threat is “easily identifiable”. Likewise, the entity offers a series of guidelines and good practices that can help us defend ourselves against cybercriminals:
-
It is important to verify the identity of the sender. If we think the number is suspicious, we can check it on Google or another search engine to see if it is related to some kind of fraud.
-
Do not click or follow the directions you tell us during the call. It is common for attackers to use automated messages and emails to trick their victims.
-
Never provide personal information if it is a stranger.
Keep in mind that if our bank or another trusted service calls us, it is normal that they already have all the information necessary to carry out the procedures. «Under no circumstances should we share sensitive data with themsuch as our credit card or passwords, nor let a stranger take control over our devices«, indicates the Internet Security Office.
What to do if you are a victim of ‘vishing’?
In the event that we suspect that we are facing a case of ‘vishing’, the Internet Security Office recommends cut off all communication and, if you believe you have already been a victim of this fraud, you should follow these steps:
-
Scan our device with an updated antivirus.
-
Block the number that has contacted us.
-
Change the passwords of those accounts that may have been compromised.
-
Turn on 2-Step Verification on accounts that allow it to help prevent phishing.
-
Contact the bank to cancel any unauthorized payment or cancel our card if necessary.
-
Collect all possible evidence and report it to the State Security Forces and Bodies.
INCIBE makes available the Cybersecurity Helpline, 017, a free and confidential telephone number from which to answer any questions.
.jpg?$p=88ba847&f=16x9&w=1080&q=0.8)
