What is “Vishing”?
“Vishing” uses techniques that are essentially similar to phishing, the act of acquiring sensitive information via electronic communication while posing as a trusted entity. A vishing attack takes place over the telephone, using call spoofing, and tricks a user into disclosing personal information such as credit card numbers or a three digit security code.
Recent vishing attacks use an automated robo-caller stating that the victim’s security software was breached and requests them to call a number. Calling the number will connect the victim to a human who will attempt to access the victim’s workstation via Citrix remote access. Once they have access to your computer, they can do the following:
- Trick you into installing malicious software that could capture sensitive data, such as online banking user names and passwords. They might also charge you to remove this software.
- Convince you to visit legitimate websites (like ammyy.com) to download software that will allow them to take control of your computer remotely and adjust settings to leave your computer vulnerable.
- Request credit card information so they can bill you for phony services.
- Direct you to fraudulent websites and ask you to enter credit card and other personal or financial information there.
How can I protect myself?
Do not trust unsolicited calls and never provide any personal information. If you receive an automated robo-call claiming your security software was breached:
- Do not call the provided number
- Do not purchase any software or services
- Never give control of your computer to a third party
Are there any additional resources?
The Washington state Office of CyberSecurity maintains an excellent list of resources if you’d like more information on how to protect yourself from these type of scams.