
Beyond phishing comes a new cyberthreat: vishing

Criminals “vish” to fool you into leaking Asante information for profit or to pry their way into our computer systems.

As if “phishing” emails weren’t enough, another variety of social engineering fraud is taking aim at Asante and its employees: vishing.

Vishing is phishing carried out over the phone. It’s just a new twist on an old routine — impersonating a person or legitimate business for profit or power. And perhaps because we’re likely to trust a human voice, vishing has been successful enough to flourish.

The attacker’s goal is to obtain valuable and sensitive information about you, your company or others. If that information is obtained, privacy and finances may be compromised or the attacker may gain access to Asante computer systems and information.

Vishing calls are deceptive. They may look legitimate when they arrive, since criminals can “spoof” a phone number or caller ID to appear to be from a respectable person or organization. They may appear as local calls so that you will be more likely to pick up the phone. Large-scale vishing operations (“robocalls”) have become common, but vishing may also be very targeted. Attackers may use publicly available information to target you.

Vish calls often target health care workers, customer service representatives and service desk or tech support staff because those individuals are trained to respond to requests for “help” in a friendly and polite manner, and they have access to important information and systems.

So don’t be fooled.

Here are five tips to recognize a vish:

  1. The call is unexpected.
  2. The caller may seem to want to confirm who you are before proceeding with the call.
  3. The caller may claim to represent a familiar company or reputable government agency, such as the IRS, Medicare or Microsoft, or even to be an Asante computer technician or employee. Don’t trust your caller ID. It’s not difficult to fake a digital phone number.
  4. The caller tries to stir emotions, like greed or fear, to convince you to disclose sensitive information, like credit card numbers or passwords.
  5. The caller has a sense of urgency – you are asked to provide information on the call, right away.

How should you respond to a vish to protect yourself and Asante?

  • Think before you speak! Take a moment to think, then write down information about the caller without offering any of your own information, then just hang up. Or, call back after doing research to verify the call and its request.
  • Never provide any sensitive information about yourself or anyone else.
  • Never share computer passwords or other computer system information.
  • Report the incident to the ITS Service Desk at (541) 789-4141.
  • If you realize you’ve been vished and you gave out sensitive information, immediately report the incident to the ITS Service Desk at (541) 789-4141. Depending upon the vish conversation, you may be required to change your password to avoid any system compromise.

Remember that criminals are always looking for new ways to social engineer the public. Who knows? Asante News may soon need to publicize the dangers of the “smish” — an SMS text message that tries to trick people into responding with information or clicking on a malicious link. Don’t be fooled. Protect yourself, protect others and protect Asante.

Tags: ITS, Karen McMillen, phone, scam, security, threat, vishing

3 Comments

  • FYI. I got a strange call yesterday from someone wanting to follow up on my “health screening” from “last year”. I thought it might be regarding our employee health biometric screening. I asked them to repeat their name, where they were from and what info they needed (my intention was to send an email to employee health and confirm that they needed the requested info).

    The person said she was from the “health screening program” but couldn’t be more specific, and the call was regarding the screening “we started last year” to make sure I don’t get any genetic diseases – at that point I knew it was a scam and hung up.

  • Thank you for doing what you do to keep us safe, including electronically safe. I don’t answer any phone# that I do not recognize. I figure that if they really need to talk w/me, they will leave a voice mail.

  • Thank you LeeLa for leaving the specifics of the phone call you got. It is so helpful to have a concrete example of what to watch out for!
    Thank you ITS folks for keeping us up to date!
