Recognizing and Preventing VoIP Phishing Attacks

VoIP (Voice over Internet Protocol) exists to help people with their voice-based communication using the Internet – or, in other words, to let users make phone calls via the Internet. This technology is instrumental in a business context. Members of a team can use Voip to communicate with each other. VoIP is also an excellent tool for customer service representatives to connect with today’s consumers.

Unfortunately, scammers have started using VoIP to trick others into sharing their personal details, such as bank account information. Victims could have their money stolen, or worse.

As of 2020, up to 85% of organizations have been targeted by at least one phishing scam. Considering that around 30% of those who received phishing emails opened them, their scale and effectiveness should not be underestimated.

Image Source

In the face of this new type of cyber-attack, it’s essential to know precisely how VoIP phishing scams work, as well as how to protect yourself and/or your company against VoIP phishing attacks.

What is VoIP Phishing?

We’ve already established that VoIP allows users to set up voice-based communication by using the Internet. But how does that connect to phishing scams – and what are phishing scams, exactly? We’re going to break those questions down and then answer them in-depth.

How does a phishing scam work?

Phishing scammers contact targets by phone, email, text message, or in the case of VoIP phishing, Internet phone. The scammers pretend to be part of a legitimate group, company, or governmental organization in the hopes of encouraging targets to trust them. Then they abuse this trust to trick victims into sharing personal information.

Image Source

The cybercriminals behind phishing scams usually try to obtain banking details, passwords, or information to identify their victims personally. Phishers can then use this information to steal money, hack into victims’ accounts, or even commit identity theft.

In short, when a phishing scam is successful, it constitutes a data breach that has the potential to pose a significant risk to its victims.

Why is it called ‘phishing’?

After the first phishing attack occurred around 1995, the practice slowly became more popular. It takes its name from the fact that scammers put out ‘lures’ in the form of mock-legitimate emails and websites. These lures then draw in unsuspecting victims, thereby mirroring the idea of putting out bait to catch a fish.

Words to describe other kinds of cybercrime, such as pharming, also swap out an f for a ph to distinguish themselves from their original counterpart. This is because the intention was to link phishing and pharming visually to their original perpetrators, a group of hackers known as phreaks.

Image Source

What is the connection between phishing and VoIP?

Phishing scams can only work when their attempts at masquerading as legitimate, trustworthy sources are successful. Including a phone number in a phishing email helps to lend that email a sense of legitimacy, which will make targets less likely to suspect fraud.

Furthermore, when scammers use VoIP to contact their targets, they set up a significantly more instant and personal connection than they could by using emails. If a scammer can create enough of a sense of urgency while they have a victim on the phone, it will be much easier for them to pressure that target into disclosing sensitive information. This makes phones an attractive option for phishing scammers to use to contact their targets.

Image Source

When scammers use VoIP specifically, they can ensure that their Internet phone number doesn’t show their location. This helps them scam victims in other countries, or those who might not answer a call from a number with an unknown area code. Also, scammers who use VoIP only need a good Internet connection to make contact with their targets. This makes VoIP-based scamming more appealing to any hackers who live or work in areas with poor reception.

In summary, VoIP-based phishing, or vishing, unfortunately, has a few distinct benefits for cybercriminals. Thankfully, there are many ways to help protect yourself and others against these types of phishing attacks.

How can I prevent VoIP phishing attacks?

While phishing scams were reported to be the most disruptive kind of cyber attack for businesses and charities in the UK, this does not mean that they always have to be successful. Phishing scammers can be defeated in various ways. In the specific case of vishing attempts, there are four ways to counter and protect against cyber attacks.

1. Frequent data breach checks

Vishing scams can do the most damage when they’re left unchecked. That’s why it’s absolutely crucial to make sure that you’re using a data breach check tool – and that you use it frequently.

Image Source

The right software will be able to tell you if your data has been compromised in any way. That way, you’ll know when to change your passwords, as well as whether you need to take further action to protect your sensitive information. For example, if your data breach check tool informs you that your banking information has been compromised, you would want to contact your bank immediately to lock your account, issue you a new debit or credit card, and then possibly alert the police.

2. Seek cyber safety training

Sometimes, the best way to protect yourself is by making sure that you’re armed with knowledge. There are plenty of experts in the field of cyber safety; Video conferencing software can help you get in touch with them and give you the chance to learn the newest ways to keep your sensitive information safe.

Image Source

The best part of seeking training is that it saves you a lot of time that you would otherwise spend making sure any information you find online is safe and up-to-date. Our online experience evolves every day. That means that phishing scammers are able to become more sophisticated in their methods with each day that passes. By learning from experts in the field, you can make sure that everything you’re being taught is entirely up-to-date.

Additionally, you’ll have the opportunity to ask any questions directly. This is the good side of VoIP – it can be beneficial to remember that even while you’re taking measures to secure your VoIP communications.

3. Research your VoIP provider carefully

Just as there are computer systems that are more resistant to digital viruses, there are VoIP providers that will be more helpful against phishing attacks.

Image Source

To that end, it’s crucial to examine your VoIP provider’s Quality of service or QoS closely. This term refers to the way that a network manages data traffic. Its intention is to reduce interference and set boundaries and priorities for the various kinds of data that can travel between IP networks.

A VoIP provider that boasts excellent QoS is more capable of handling data appropriately, sensitively, and carefully. That’s why it’s so important to check the QoS of any VoIP provider you consider; a provider with great QoS will be more likely to have strong protections in place against vishing attacks.

4. Never disclose sensitive information over phone calls

All the phishing scammers in the world can’t hurt you if you don’t give them any ammunition to attack you with. If you even slightly suspect a call of being a vishing attempt, make sure you do not provide them with any of your sensitive information.

Image Source

Many vishing scammers are very good at what they do, meaning it might be more difficult to realize at first that the person you are speaking to is trying to scam you. That’s why you should make it a habit to be careful with any unexpected phone calls.

If you refuse to give someone your personal information, and they turn out to be part of a legitimate group, you can always contact them again. Your bank will have a dedicated customer service team to help you. On the other hand, once you give a scammer your details, you’ll instantly make their work a lot easier. The key is to keep your guard up.

Learn how to spot phishing attempts.

This is perhaps the most helpful thing you can do to protect yourself against phishing. The sooner you recognize a call as coming from a visher, the more easily you can prevent any harm being caused.

Image Source

In the current remote work climate, it’s imperative to know how you can form your own first line of defense. Remote workers might not have constant access to IT support. Even if they do, it might be too late to get help by the time they become aware that they’ve been phished, especially if the scammers managed to get access to their computer.

That’s why it’s so important to remember how to spot a vishing call. Keep the following red flags in mind, and you’ll keep yourself safe from phishers.

1. A sense of urgency

Is the person on the other end of the line insisting that they need you to take action right now so that you don’t face dire consequences? Chances are, they’re part of a vishing scam.

Image Source

Vishing scammers want to trick as many people as they can as quickly as possible. If you keep them talking and insist you cannot provide your details or pay them right this instant, you’ll be doing yourself two favors. Firstly, you won’t be letting yourself be pressured into surrendering important information. Secondly, the scammer will be unlikely to remain interested in targeting you since you’ve shown them you won’t fall for their tricks.

2. Asking you for passwords

No legitimate company should ever need your password to provide you with their services. Whether it’s a government agency or a bank, a legitimate source could advise you to change your current password at most.

Image Source

Most banks will have statements on their official websites to warn you that they will never ask you for your password. Make sure you check these kinds of sources if you’re unsure whether the company you’re supposedly on the phone with is legitimate. This is a simple but often highly effective way to catch vishing scammers out.

3. Lofty promises

You would be right to be suspicious of any caller suggesting that they can help you earn large amounts of money very quickly. These are the kinds of promises that phishing scammers use to lure their victims into giving up vital information. Are they insisting that they can make you rich in a month? Ask them to provide you with a clear project plan that outlines exactly how they intend to do that. Scammers won’t have one, especially not one that makes sense.

Image Source

If it sounds too good to be true, it probably is. Don’t let the promise of something that sounds almost too perfect trick you into letting your guard down because the scammers only want to hurt you. 

The future of phishing (and vishing)

As the Internet continues to grow and develop, so too do those who would use it to hurt others. Scammers are always learning new ways to trick their targets into trusting them. By making sure that you always keep up-to-date with any new developments in the realm of phishing, you can ensure that you’re protecting yourself to the best of your ability.

It’s worth your while to look into ways to keep an eye on new vishing tactics. Top podcasts on the subject can be a great resource for this, as they can both inform you and help top up your training on how to deal with scammers.

Image Source

The bright side of things is that these podcasts will only continue to grow. As scammers develop new tactics, experts come up with new and innovative ways to counter them. You might at some point be a target of vishing, but as long as you keep yourself trained and up to date, you never need to become a victim.

About the author

Marjorie Hajim is the SEO Manager for EMEA at RingCentral, a leading cloud communications company that provides VoIP, video conferencing, and screen sharing services. She develops and executes strategies for short-term and long-term SEO growth. In her spare time, she loves reading books at coffee shops and playing with her dogs.