usually call a victim posing as a member of the Microsoft technical support team and inform the victim that his computer is infected with malware which is generating all sorts of errors. The attackers can then ask for remote access to the victim’s computer or ask the victim to download some software or fake anti-malware programs to solve the victim’s problem. Some attackers may even deceive a victim into revealing his bank account information to make a payment. In other words, the goal of this vishing scam is to infect the victim’s computer with malware or to steal sensitive financial details from the victim.
How to prevent vishing?
Vishing is very difficult for legal authorities to monitor or trace. But we can always take several steps to protect ourselves to a significant extent.
- Never ever provide your financial details over the phone. A bank will never ask for your account number, credit card number, password or PIN over the phone.
- If someone is asking for an OTP or One Time Password over the phone, be sure it is a scam. OTPs are meant for users only and no legitimate authority will ever ask for any OTP from any user.
- Do not reveal any personal details or personally identifiable information over the phone. If you have any doubts, you can politely inform the caller that you are going to call back and then call the authentic number of the website/provider/institution to verify the call. It is always better to be safe than sorry.
- If you get a call informing you that one of your web accounts has a problem, do not reveal any information immediately. You can always log in to your account by visiting the legitimate website and verify whether there is any such notification, or you can call the legitimate customer care number and clarify.
- Get your number registered on the National Do Not Call Registry to block automated calls. It may not stop vishing, but you would get far fewer automated calls than you are used to.
- Do not trust the caller ID of a phone call. As said above, attackers can very easily spoof that.
- If you think you have fallen victim to vishing and your financial information is compromised, immediately call the bank and report the incident. Verify whether there is an unauthorized transaction. Also, immediately change your IPIN, password, ATM PIN or other credentials that may have been compromised.
- It is always good to report vishing incidents to the appropriate legal authority. It often helps a lot in catching the actual criminals.
So, to summarise, never ever reveal any financial information or any personally identifiable information over the phone. It is always good to verify the authenticity of a call before responding. Be informed about various security threats and stay safe and stay secure.
The above article gives a brief overview of vishing. Interested readers who want to know more about different techniques used in a phishing scam may want to refer to the book “Phishing: Detection, Analysis And Prevention.”