Why cybercriminals have ‘Gone Vishing’ during the COVID-19 Pandemic

• More than 215,000 vishing attempts in the last year alone

As new coronavirus restrictions look set to confine much of the UK population to their homes this winter, cybersecurity specialists Panda Security are warning consumers to be on guard for an explosion in ‘Vishing’ attempts by cybercriminals.

Vishing, or voice phishing, is a social engineering technique used by fraudsters posing as someone from an IT helpdesk or support services, in order to obtain personal information from a victim. They will then look to use this information to hack into secure systems and defraud victims.

Vishing has increased as hackers are taking advantage of employees working remotely. Since August last year, HM Revenue and Customs (HMRC) has received reports from the public of more than 215,000 vishing attempts. These scams often offer fake tax refunds or help with claiming Covid-19 related financial support.[i]

The hacker can be very convincing and will often have done a lot of research into the company and the person they are contacting, to make what they are asking you for sound plausible. At times they even spoof phone numbers, so it looks like the caller ID is authentic and the same number as the real business.

European Cybersecurity Month: Keeping the ‘Vishers’ at bay

During European Cybersecurity Month, Panda Security is raising awareness of the dangers of vishing and is calling on consumers and businesses alike to take some simple measures in order to protect their data.  Hervé Lambert, Global Consumer Operations Manager at Panda Security, gives his top tips to avoid being a victim of a vishing attempt this winter.

1. Never give out your personal details: You should never give anyone your personal details such as bank details or passwords verbally over the phone or via email. Hackers will often find data about you on the internet and through social media networks and use this to convince you they are legitimate
2. Be suspicious: It is right to be apprehensive of unknown callers, particularly if you are not expecting the phone call. Ask the caller questions or give deliberately false statements, and if you do not feel comfortable with their answers, hang up and phone the company or person back directly
3. Don’t always trust caller ID: Hackers can often spoof legitimate phone numbers and make you believe that the phone call is coming from a credible source. Remember that legitimate businesses will never ask for your personal details unsolicited over the phone
4. Install security measures: While internet security will not completely protect you from fraud, installing measures such as antivirus software will help protect your digital identity and make the job of the hackers much more difficult
5. Keep calm: Often the hacker will try to panic you into reacting very quickly and scare you into providing them with your information. Take a moment to breathe and slow the conversation down

Commenting on the raise in vishing attempts, Hervé Lambert, Global Consumer Operations Manager at Panda Security says: “Vishing is not a particularly new or sophisticated technique, and yet the “new normal” of working from home has been a boon for cybercriminals looking to exploit vulnerable people in this way. Hackers will scour the Internet and social media networks for any information they can glean about a potential victim before making a call. Once they have secured the victims trust they are then in a position of power to defraud them.”

Lambert continues: “It is essential that consumers take preventative measures to protect their digital identity, while remaining vigilant and question anything that seems unusual. Our key piece of advice remains: never give out your personal details over the phone.”