
Online fraud: a "vishing" alert. What it is and how to protect ourselves from scam calls

They attack us via email, with the well-known phishing technique. Or via SMS, with smishing. But the most insidious scam now comes from a simple phone call, thanks to the counterfeiting of the calling number. Everything suggests that our bank or our service provider really is on the other end. But it is not so.


We are "almost" used to phishing, the scam email that tries to steal our data. And also to smishing, the variant via SMS. But what about vishing, the latest sophisticated variant of the classic telephone trap via voice? It works like this: we receive a phone call, preferably on our mobile phone so that the calling number can be seen clearly and immediately. There it is, our trusted number. Accompanied, as often happens now, by a label that identifies it clearly, in full. Our bank, insurance company, gas or electricity operator is calling us. Or maybe the Revenue Agency, because that's exactly what it says on our display. And then there's that professional voice that immediately makes us feel at ease. There is a problem with a blocked account, but we can solve it right now together with our efficient contact. There is something wrong with the bill, but we can fix it right away. A voice will guide us: just enter some personal code and follow the indicated procedure. The number that appears seems like an absolute guarantee. We trust. Woe to us.

How the scam works

Vishing (voice phishing) was not born yesterday, but for some time now it has become truly insidious thanks to its combination with another curse of telecommunications technologies: caller ID spoofing, which we have already talked about extensively, namely the manipulation of the number transmitted to the receiving telephone, which appears to be what it is not. Devices and procedures to implement the trick are widely used by the call centers that torment all of us every day to make us change service providers or to offer us improbable investment opportunities. But there is, in fact, worse: caller ID spoofing used to win our trust and maybe empty our bank account.

On the other end of the phone, attempting the fraud, there is often a sophisticated professional criminal or a complex fraudulent organisation, capable of skilfully making use of so-called social engineering, the set of techniques that are based on innate feelings: trust and fear, greed and altruism. The dynamic has two stages: first altering our emotions by confronting us with an unexpected event, then immediately offering us a lifeline that guarantees an almost immediate solution. A good service, which comes from those we have already chosen to handle our everyday tasks. Why be surprised?

The catalog of traps

The scams implemented with these techniques come in a real personalized catalog. Does the evildoer know that he is preying on an elderly and probably not very smart person? Here comes the alert from what we believe to be our bank: a computer attack is underway, which needs to be defused by changing the account access codes. Whoever is on the other end of the line can do it directly. Just give him the codes. And then, together and over the telephone, comes the procedure for validating the operation from our mobile phone, given that this is now a universally widespread practice intended precisely to hinder fraud. And what about the gang that works with self-styled officials of the Revenue Agency, who inform us that the possibility of remedying unpaid taxes (of which we may not be aware), and so avoiding very heavy penalties, expires within the day? Same technique: an operation over the telephone "and everything falls into place, rectifying the past and without the sanctions, avoided at the last minute".

Account, codes, confirmation messages, validation of the operation: all done with the collaboration of the diligent and extremely helpful official. After all, is it true or not that all, absolutely all, of the recent governments in office have put in place fantastic projects for the "friendly taxman"? So friendly that some self-proclaimed official, particularly dedicated to protecting the elderly, even offers to send someone to collect the necessary cash directly from our home: the proof is the number that appears on our display, and the new phone call that we will receive "for security" when the person in charge is about to ring the doorbell. It sounds incredible, but someone still falls for it today.

Attention: the troubles caused by the examples we have just given are certainly significant, but there is much more that can create potential problems for us. Not only sharing our credit card data, but also a simple request for the details of a document and of our current account can expose us to an endless series of frauds: for example, loans taken out in our name.

How to prevent and how to defend ourselves

First universal rule: our data, whatever it is, must never be shared or even simply confirmed by telephone, not even if the caller appears to be an employee of our bank or an official of the company of which we are customers. In any case, a request of this type is anomalous: in practice, no one who operates correctly within the rules makes it. It must immediately warn us of an attempted fraud. And it is better than ever not to answer unknown or hidden numbers. If anything, let's leave voicemail switched on, listen to the message and then calmly evaluate the situation: if we think that there is a real possibility that the call is authentic, we will just need to call that number back.

But for greater safety, let's take further precautions: if the call was received on a landline phone, call back from a mobile phone and not from the same device. In the case of a traditional telephone still connected to the exchange by a copper twisted pair (objectively rare, but it still happens today), the line may have been momentarily disconnected and reconnected to a line simulator by the criminals, directly from the local telephone cabinet. A scam within a scam, which however is impossible to implement if our landline phone works over a fiber optic connection that arrives directly at home.

Do we suspect that we have been subjected to a vishing attempt? Or maybe we just fell for it? The steps to take are immediately intuitive. First step: we instantly change the access codes we have shared. Second step, possibly at the same time: to try to defuse the effects of the scam, we immediately notify the company or operator involved. Third step (also quick): let's file a formal complaint at the police station or at the local Carabinieri station.
