Beyond phishing comes a new cyberthreat: vishing
As if “phishing” emails weren’t enough, another variety of social engineering fraud is taking aim at Asante and its employees: vishing.
Vishing is a phone scam type of phishing attack. It’s just a new twist on an old routine — impersonating a person or legitimate business for profit or power. And perhaps because we’re likely to trust a human voice, vishing has been successful enough to flourish.
The attacker’s goal is to obtain valuable and sensitive information about you, your company or others. If that information is obtained, privacy and finances may be compromised or the attacker may gain access to Asante computer systems and information.
Vishing calls are deceptive. They may look legitimate when they arrive, since criminals can “spoof” a phone number or caller ID to appear to be from a respectable person or organization. They may appear as local calls so that you will be more likely to pick up the phone. Large scale vishing operations (“robocalls”) have become common, but vishing may be very targeted. Attackers may use publicly available information to target you.
Vish calls often target health care workers, customer service representatives and service desk or tech support staff because those individuals are trained to respond to requests for “help” in a friendly and polite manner, and they have access to important information and systems.
So don’t be fooled.
Here are five tips to recognize a fish:
- The call is unexpected.
- The caller may seem to want to confirm who you are before proceeding with the call.
- The caller may claim to represent a familiar company or reputable government such as the IRS, Medicare, Microsoft or even an Asante computer technician or employee. Don’t trust your caller ID. It’s not difficult to fake a digital phone number.
- The caller tries to stir emotions, like greed or fear, to convince you to disclose sensitive information, like credit card numbers or passwords.
- The caller has a sense of urgency – you are asked to provide information on the call, right away.
How should you respond to a vish to protect yourself and Asante?
- Think before you speak! Take a moment to think, then write down information about the caller without offering any of your own information, then just hang up. Or, call back after doing research to verify the call and its request.
- Never provide any sensitive information about yourself or anyone else.
- Never share computer passwords or other computer system information.
- Report the incident to the ITS Service Desk at (541) 789-4141.
- If you realize you’ve been vished and you gave out sensitive information, immediately report the incident to the ITS Service Desk (541) 789-4141. Depending upon the vish conversation, you may be required to change your password to avoid any system compromise.
Remember that criminals are always locking for new ways to social engineer the public. Who knows? Asante News may soon need to publicize the dangers of the “smish” — an SMS text message that tries to trick people into responding with information or click on a malicious link. Don’t be fooled. Protect yourself, protect others and protect Asante.