UCD Telephone Services note reports of increased levels of unsolicited calls which pose a potential security risk through the attempted phishing of sensitive information and propagation of malware.
Staff are advised to never provide sensitive information to unknown callers and never to access external website addresses suggested by such callers. Just hang up.
Staff should be aware that callers may masquerade as a trustworthy entity in order to gain trust and are designed to install malicious software on your computer, steal your personal information, or both. Just hang up.
Instances of unsolicited calls should be reported to by contacting us. Where the time of the call and the dialling party’s number is known this should be provided.
What is vishing? The term “vishing” is a socially engineered technique for stealing information or money from consumers using the telephone network. The term comes from combining “voice” with “phishing,” which are online scams that get people to give up personal information.
How does it work? Typically attackers use a technique called caller ID spoofing to make it look like calls are coming from a legitimate or known phone number. It’s a very similar technique to email spoofing, which makes e-mail addresses look like they are coming from a trusted source. But because people typically trust the phone service and caller ID, spoofing phone numbers can be particularly damaging.
And just like with online phishing attacks, which direct consumers to phoney Web sites, vishing attacks usually have a recorded message that tells users to call a toll-free number. The caller is then typically asked to punch in a credit card number or other personal information.
What can consumers do to protect themselves? Here is some advice from security experts:
- Be aware. Consumers need to know that these scams exist.
- Be suspicious of all unknown callers. People should be just as suspicious of phone calls as they are of e-mails asking for personal information. And some experts suggest letting all calls from unknown callers go to voicemail.
- Don’t trust caller ID. Just because your caller ID displays a phone number or name of a legitimate company you might recognise, it doesn’t guarantee the call is really coming from that number or company. Caller ID spoofing is easy.
- Ask questions. If someone is trying to sell you something or asking for your personal or financial information, ask them to identify who they work for, and then check them out to see if they are legitimate.
- Call them back. Again if someone is selling you something or asking for information, tell them you will call them back and then either verify the company is legitimate, or if it’s a bank or credit card company, call them back using a number from your bill or your card. Never provide credit card information or other private information to anyone who calls you.
- Report incidents. Report vishing calls to us. We want the number and name that appeared on the caller ID as well as the time of day and the information talked about or heard in a recorded message. If you think you’ve been a victim of a vishing attack you can also contact, your local Garda Station.