Vishing for Victims: Building Awareness to Beat the Fraudsters

by Ross Dyer

Well that’s the Black Friday/Cyber Monday madness over for another year. This curiously American tradition of shopping excess around Thanksgiving weekend has well and truly come to the UK, and with it warnings that online fraudsters are looking to exploit distracted retailers and fraudsters around this period for their own ends. But while it’s obviously important that businesses and their customers stay vigilant to the increased risks of cyber attack, that’s not the only story we should be concerned about this week.

Financial Fraud Action UK announced on Tuesday that “cold call” phone scams have soared by 17% over the past year to cost businesses and their customers £24 million.

Gone Vishing
This so-called “vishing” epidemic is sort of a low-tech form of phishing. Typically a fraudster will call up a victim pretending to be a police officer, or perhaps a representative of a bank or technology company – basically someone from a trusted organisation. They’ll then invent some story which requires the victim to either hand over their financial and/or personal details so that the scammer can log-in to their bank account. Other tactics are to persuade the victim to hand over their ‘faulty’ cards to a courier or even to transfer money into the fraudster’s account.

It’s on the rise and, worryingly, consumers seem to be unprepared for it. In response to FFA UK’s survey, 36% said they found it difficult to tell the difference between a fraudster and a genuine representative calling up to request info. What’s more, a quarter said they would make no effort to challenge the identity of a cold caller, while 10% said they would even give cash or cards to a courier or transfer money into another account if requested to do so.

Time for education
So does this increase in vishing mean cyber criminals have given up their online antics to focus on the lower hanging fruit offered by phone scams? Well, unfortunately not. This is merely a case of the criminal underworld becoming more sophisticated and more prepared to expand its operations into other lucrative money-making areas.

It’s clear that many members of the public are just not equipped to spot the tell-tale signs of a vishing attack, so just as with online channels, organisations have a duty to their customers to educate and protect. In response to these figures from FFA UK the financial services industry has issued a “Joint Declaration of the UK Banks” – which offers consumer advice, to be backed up with a national ad campaign.

That’s a great start, but your business can also help cut fraud and even differentiate in the market by:

  • Creating a security page online with hints and tips on spotting and blocking phone-based scams and online fraud/phishing
  • Advertising your commitment to fighting vishing and fraud clearly on your site
  • Monitoring sales channels and issuing fraud alerts by email or text/mail if there are spikes
  • Never asking your customers to click on links or open attachments sent in emails
  • Using EV SSL certificates which turn the browser bar green to show it’s a trusted site
  • Building relationships with law enforcement to share intelligence on fraud


Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.