As the telecommunications technology industry progress and produce more accessible and convenient ways for people to communicate and do business, significant uncertainty in terms of the level of security and protection of valuable and private information arise.
Nowadays, criminals are taking full advantage of the Internet and technology solutions like cloud communications and Voice over Internet Protocol (VoIP) to access crucial data for financial gain.
VoIP frauds are rising because criminals have found a way to exploit the technology; as it easily hides their tracks with minimal risk of detection. Using fake numbers with fake area codes, scammers can easily disguise to be a government or bank representative and collect critical private information – and in most cases, get away with it.
These kinds of scams have been done with POTS and landlines before, but VoIP has made it easier for them to get away with it. These kinds of scammers try to take advantage of people who are easily overwhelmed by an official-sounding phone call. They leverage on shock value and fear to either collect information or extort money from vulnerable victims.
You might have heard of “online phishing.” It is a scam designed to gather private information like passwords, credit card numbers, and personal details, and even to extort money from unsuspecting web users. But now, criminals are initiating another type of fraud tactic called “vishing,” to carry out their scams over the telephone.
Vishing (voice or VoIP phishing) is a scamming tactic that tricks victims using seemingly legitimate call IDs and telephone numbers to persuade unsuspecting individuals to disclose personal, financial, and health information.
Vishing acts just like email spoofing, where the email addresses look like they come from a trusted source. And, because people usually believe the caller ID and the phone service, spoofing phone numbers can be used to disguise the target, by making it seem like the call is actually coming from a legitimate source.
There are different ways that scammers can carry out their vishing schemes. Here are some of the most common techniques they use to steal information and extort money from victims:
Hosted Scams are carried out by attacking the hosted service provider and breaking into the network by taking advantage of default passwords or minimal security measures. It is one of the most straightforward and most successful technique because it does not usually need any human interaction, and scammers can steal information from a lot of people with one attack because their data are kept within an unsecured network.
Whitelist Scamming is a popular scamming tactic while attackers hack and gain access to your account to place their IP address on your whitelist. Once they were able to do this, the scammers can make phone calls to anyone they wish to on your expense. This is similar to electricity tapping, where the scammer taps on your electricity wire and make you pay for their consumption without you knowing.
This is a more sophisticated technique where the attackers need to complete a packet-based authentication before being able to place calls. It works similar to whitelist scams and will have victims pay for the calls that scammers make.
The problem with these kinds of scams and techniques is that they are challenging to track; making it tough for authorities to catch the scammers. It may be possible to trace the phone number to a particular IP address through some clever calling around to figure out what Internet service the number is using, and from there they can figure out the physical location of the caller. While it is possible, law enforcement is not very sophisticated with the technology yet, so it’s still hard for them to do it.
Nonetheless, the best way to avoid these scams is prevention. Be vigilant and research about recent modus. In the end, if you are aware and secured, you can definitely prevent criminals from making you their next victim. /apr