- Voice phishing scams are rising, targeting individuals, businesses and government agencies.
- Scammers will often pose as an IT helpdesk to trick victims into revealing sensitive information.
- Experts advise skepticism of caller IDs and verifying contacts independently to avoid the scams.
SALT LAKE CITY — Cybersecurity experts are warning that more scammers are using voice phishing, also called vishing, to trick people into giving up sensitive information. The scam targets individuals, government agencies and businesses with fraudulent phone calls or voicemails. And it's considered one of the fastest growing scams out there.
They often start with unexpected messages that turn up in your inbox.
"So, all of a sudden, you see that your mailbox is flooded with a ton of messages," said Sanny Liao, who is cofounder and chief product officer at Fable Security. "People in that mindset, they're panicking. They're like, 'What's going on?'"
That's the moment when the attacker picks up the phone and calls you.
"'I'm calling from your help desk,'" said Liao of what an attacker might tell you. "'Your account is under attack right now!'"
You might be tempted to think that an IT hero has come to save the day.
"You are so relieved! Someone is here to help you!" Liao said.
Then comes the ask — they need your PIN to verify your identity. Or they need you to read off a code sent to your phone.
This is just one of the many iterations the voice phishing con can take, she said.
Sometimes, the attackers try to breach your company through social engineering. Sometimes, they're targeting you.
The KSL Investigators have reported on people who are lulled into making bad decisions believing they had been talking to their bank's fraud department. But it's really an impostor.
And criminals often spoof caller IDs to show the names of real businesses.
Protecting yourself
So how do you protect yourself from voice phishing scams?
Be skeptical of caller ID. Keep calm. Never provide personal or financial information to anyone who called you out of the blue. Instead, end the call.
"It's totally OK, just hang up," Liao said.
If you're worried that the call was legit, verify the identity of the person contacting you by calling back using a number you have independently confirmed belongs to your contact or the business. Don't use your phone's callback feature.
"You should know that your IT help desk will always be so relieved that you took the time to verify rather than just going for it," said Liao.
Several major banks and tech companies have said the same thing concerning voice phishing scams. They will never call people and ask for their account or security details unless you call them first.
