Phone Call Scams
- JANUARY 6TH, 2025
Introduction
Like phishing, phone call scams, also known as voice phishing (vishing for short), have the same end goal: to deceive individuals or businesses and acquire private, sensitive credentials or information. If you have never experienced this yourself, you may have heard of or know an elderly person who has fallen victim to a phone call scam. Most of the time, it begins with a phishing email, and then the attacker uses phone calls to establish trust and connection and further manipulate the users by adding a sense of urgency.
Attackers can also pretend to be reputable companies or financial institutions. They dynamically respond to the victim’s behaviour and exploit emotional cues, something not easily achievable through standard phishing emails.
Now, with the help of AI technologies like deepfakes, attackers can clone voices and easily deceive the victim, as in the $25 million scam where the chief financial officer was tricked.
Best Practices to Mitigate Vishing
- Security Awareness Training: Conducting security awareness training monthly or quarterly keeps employees alert and up to date on security threats and precautions, which in turn keeps the organisation safe.
- Oversharing: Avoid sharing personal information on the internet about yourself and your family. The attackers gather information about you online. The more you share, the more information they have to deceive you.
- Multi-Factor Authentication: This is strongly advised because it adds extra layers of security, making it harder for attackers to get past the additional authentication barriers even if they get hold of your credentials.
- Verify Caller’s Identity: Avoid sharing personal information on any call, especially with an unknown caller. You can verify the caller’s request and identity by reaching out to the individual or company/service provider the caller claims to represent.
- AI Detection Tools: Investing in these tools helps to analyse and detect inconsistencies in a synthetic voice, such as unnatural pauses, mismatched intonation, or even inconsistencies between voice and background noise.
- Email Security: Implementing protocols like DMARC (Domain-based Message Authentication, Reporting, and Conformance) reduces phishing attacks, email spoofing and other email-related threats.