What is VoIP Phishing?

VoIP phishing, also known as vishing, is a criminal cyber practice that uses social engineering over the VoIP system to gain access to confidential data and financial information of individuals. The attack is used by cyber criminals often for the purpose of stealing credit card numbers and other confidential information used in identity theft schemes.

How Phishing Works?

Phishing is a simple yet destructive trick, and it works like this: scammers send you an e-mail or a voicemail making it appear as if it is from a legitimate financial company or an online retail outlet you are affiliated with—like eBay, Paypal or your bank. In the message, you are informed about a problem with your account and directed to a site or to call a phone number where you will be asked to provide your personal data like your username and password, credit card number, security code, etc.

Some users are so naive that attackers easily trick them into giving their personal information, which are often used to make transactions using their credit card or create cloned credit cards.

Some Examples of Phishing

1. You receive an e-mail from eBay, Paypal or other online companies, informing you of some issue on your account, and saying that your account needs to be frozen. You are requested to go to a given link and provide your personal information in order to get your account working again.

2. You receive a voice mail from your online banking saying that someone tried to access your account. You are requested to call a number and provide your credentials, so you can change your existing credentials.

3. You receive a phone call, saying that there’s a fraudulent or suspicious activities linked to your bank account, and asking you to provide certain details to ward off threats and stop the fraudulent activities.

VoIP and Phishing

VoIP phishing is more convenient for attackers than PSTN phishing because of the following reasons:

• With voice over IP, attackers can more easily tamper with your caller ID and make it appear as if it is your bank or a trusted company that is calling you.
• VoIP software gives so much power to the user that even people with basic tech knowledge can operate its deployment and create a collection of fake numbers they can use to lure victims without revealing their fraud identity.
• VoIP hardware, such as ATAs, IP phones, IP-PBXs and routers, are very affordable and the software that comes along with these hardware are more user-friendly, thus making it easier for cyber criminals to use these devices to their advantage.
• With VoIP, attackers can send one message to hundreds of recipients in one go, which makes it easier to find victims.
• VoIP can create a virtual number for any country. A phisher can then use the created local number and make calls overseas; therefore, imitating popular institutions in Singapore to seek for victims.

How to Prevent Phishing and Avoid Getting Victimized

To avoid voip phishing scams, use a managed office voice communications server hosted by a trusted service provider from Singapore. More importantly, heed these advices from voice over IP experts.

• Do not call any telephone number provided in an e-mail or in a phone call regarding possible security issues with your bank account or credit card. The only number you should be calling is your bank’s contact number, which should be found in your bank account statement. If you receive any malicious e-mail or phone call about your account’s security, take the safer route and personally go to your bank.

• Banks and credit card companies in Singapore normally address their account holders by their full names in any form of communication. If a phone call or e-mail does not refer to your full name, it is possibly a scam.

• If anyone is claiming to be a credit card provider and requests for your card number, ask to call back and call the contact number on the back of your credit card or in your account statement to ask about the attempt. If the first call is legit, your card provider will surely have knowledge of it.

• Note all of your account transactions every month. Be always on the lookout for suspicious activities. By doing so, you can act immediately and stop further illegal transactions from taking place using your information.

• Make sure your mobile number, landline number and e-mail are all registered with your bank. Having all these information will allow your bank to send you alerts when any suspicious transaction takes place.

• Check for the “https://” in the address bar of all e-commerce sites you visit. Look for proper certification and encryption, especially when you are directed to a website over an e-mail or phone call.

• Voice over internet protocol can be used more securely with software filters. How? Reach out to Crystal Voice to learn more about the different methods of securing your Singapore business from phishing and scams. Working with a secure host allows you to use mobile voip anytime without worrying about the safety of your line and the data shared. Other protective features you can use when engaging with Crystal Voice include call recording, blacklisting, virus protection and spam filters to keep your VoIP network secured.

VoIP in Singapore is one of the major targets of cyber criminals. However, as with all types of cyber attacks, user awareness is the key to security. If you and your staff are all aware of what vishing is, how it works and how to spot possible attacks, you have the best line of defence against these fraud activities.