Introduction
When a fraudster uses an internet telephone service (VoIP) and makes the target reveal the sensitive personal/financial information, it is called Vishing, or Voice Phishing. It is a variant of Phishing attack. Fraudsters who do such fraudulent voice calls are called Vishers.
They create fake Caller ID profiles (‘Caller ID spoofing’) which make the phone numbers seem legitimate. The goal of vishing is very simple, either to steal money or identity, or both by instilling fear in individuals.
Also the fraudsters use social engineering tactics, psychological and social methods of manipulating or tricking users. They target the user’s emotions to make them provide information or to perform a specific action through fake calls or vishing attacks.
Ways in which vishing attacks take place
In this technique the fraudster may trick/manipulate the user into revealing sensitive information to commit financial frauds
- By spoofing the caller ID to make it appear to be from trusted source
- By making fake callsand convincing the users on various pretext such as
- Updating KYC
- Linking Aadhar
- Offering free gifts/lottery/prizes
- Customer service executive from bank/gas agency etc.,
- By asking the user to scan the bar/QR code to receive them money
- By getting the users to call the fake customer care numbers updated by them on google.