Vishing is a fraudulent procedure using a telephone conversation where the attacker tries to get sensitive data from a client (personal data, access passwords to Internetbanking, payment card numbers etc.) Attackers use this procedure often because it is harder to monitor it.
The attacker sends to the client SMS with brief information that suspicious transaction was ascertained on the account. The SMS message includes the telephone number through which the attacker contacted the client or the client must call this number. Consequently, the attacker is introduced as the client’s bank. To get the trust of the client, he asks for the authorization code of a just delivered SMS. Later, or immediately he uses this data to fraudulently get money from the client’s account. The attacker ends the call and if the bank acts quickly the suspicious transaction will not be made and the client’s money will be safe.
How do I protect against Vishing?
Never give personal, authorization or financial information to people who pretend to be employees of the bank by phone, an electronic e-mail or entering unknown Internet pages.