
What is Phone Phishing?

13 Feb 2023
5 min read

Phone phishing, also known as "vishing," is a type of social engineering attack that uses voice calls or recorded messages to trick individuals into revealing sensitive information, such as passwords, credit card numbers, or personal identification numbers (PINs). Phone phishing is often used by criminals to steal money or personal information from unsuspecting victims.

In a typical phone phishing attack, the attacker will pose as a trustworthy organization or individual and call the victim, claiming to be from a bank, a government agency, or a technical support team. The attacker will then ask the victim to provide sensitive information, such as passwords, credit card numbers, or bank account information, by claiming that the information is needed to resolve a problem or verify an account.

Phone phishing can also take the form of recorded messages, where the attacker leaves a voice message that appears to be from a trustworthy source and instructs the victim to call a phone number to resolve a problem or receive important information.

It is important to be vigilant and aware of phone phishing tactics, as attacks are becoming increasingly sophisticated and can be difficult to distinguish from legitimate calls or messages. Some tips to protect yourself from phone phishing include:

Do not reveal personal information: Never reveal sensitive information, such as passwords or credit card numbers, over the phone unless you initiated the call and are sure of the identity of the person on the other end.

Verify the identity of the caller: Before providing any information, verify the identity of the caller by asking for their name, contact information, and the reason for the call. If you are unsure, hang up and call the organization directly using a verified phone number.

Be suspicious of unsolicited calls or messages: Treat them with caution, especially if they ask for personal or financial information.

Do not call back numbers left in voice messages: These numbers may be fake and used to trick you into revealing sensitive information.

Simplified Example

Phone phishing is like when a trickster disguises themselves as someone you trust, like a friend or family member, to trick you into giving them important information.

Imagine you receive a phone call from someone who sounds like your best friend, but it turns out it's not actually your best friend, but someone pretending to be them. They might ask you for your secret code to your toy box, or for your allowance money.

Just like how you wouldn't give a stranger your secret code or money, you shouldn't give important information to someone who calls you on the phone, even if they sound like someone you trust. Instead, you should ask them questions to make sure it's really them, or hang up and call them back using a number you know is correct.

Phone phishing is a trick that people use to steal your information or money, so it's important to be careful and not give out important information over the phone unless you are sure who you are talking to.

History of the Term "Phone Phishing"

In its early usage, the term "phone phishing" emerged alongside the growing awareness of phishing email scams, when a distinction was needed between scams targeting email and those targeting phone calls. References to "phone phishing" surfaced in cybersecurity blogs, news articles, and law enforcement reports during the early 2000s. The term gained wider recognition through several channels. News outlets and journalists reporting on cybersecurity threats spread awareness of phone phishing scams. Cybersecurity organizations and researchers frequently used the term in their reports and educational materials to raise public awareness and offer guidance. People sharing their own encounters with, and warnings about, phone phishing scams online also helped spread the term.

Examples

Voice Phishing (Vishing): Voice phishing, also known as vishing, is a type of phone phishing scam where scammers call individuals and impersonate a trusted organization, such as a bank or government agency, in order to steal personal information. In a vishing scam, the caller may ask the individual to provide sensitive information, such as their Social Security number, bank account number, or credit card information, claiming that it is needed for security reasons or to resolve a problem. The scammers may use automated voice systems or live callers to carry out the scam.

Smishing: Smishing is a type of phone phishing scam that uses text messages to trick individuals into providing personal information. In a smishing scam, scammers send a text message claiming to be from a trusted organization, such as a bank or government agency, and ask the recipient to provide sensitive information, such as their password or credit card number. Smishing scammers may also use malicious links in the text message to install malware on the recipient's device.

SIM Swap Fraud: SIM swap fraud is a type of phone phishing scam where scammers impersonate a victim and convince the victim's mobile phone provider to transfer the victim's phone number to a new SIM card. The scammers then use the new SIM card to access the victim's bank account and steal sensitive information. In a SIM swap scam, scammers may use social engineering techniques, such as impersonating the victim or posing as a customer service representative, to trick the mobile phone provider into transferring the phone number. SIM swap scams can result in significant financial losses and identity theft, making them a serious threat to mobile phone users.

  • Phishing: A type of cybercrime that involves tricking individuals into giving away sensitive information, such as passwords, credit card numbers, and other personal information.

  • Replay Attack: A type of cyber attack that occurs when a malicious actor intercepts a valid network transmission and then retransmits it at a later time.
