Don't Answer the Phone: Inside a Real-Life Vishing Attack

It started with a phone call around 10:30 a.m. on a Tuesday from an unknown mobile number. I was working on my computer at home and usually don't answer phone calls from people I don't know. For some reason, I decided to stop what I was doing and take that call.

That was my first mistake in a series of several I would make over the next four hours, during which I was the victim of a vishing, or voice-phishing campaign. By the end of the ordeal, I had transferred nearly €5,000 (EUR) in funds from my bank account and in Bitcoin to the scammers. My bank was able to cancel most of the transfers; however, I lost €1,000 (EUR) that I had sent to the attackers' Bitcoin wallet.

Experts say it doesn't matter how much expertise you have in knowing the tactics attackers use or experience in spotting scams. The key to the attackers' success is something older than technology, as it lies in manipulating the very thing that makes us human: our emotions.

"Because we are so tech-centric, we forget that actually these scam tactics are old — predating even Internet scams — and very proven," says Richard Werner, cybersecurity advisor at Trend Micro. "They work with emotions. When they put us in the right mood and trigger anger or fear, we forget all the advice. In those cases, we lose common sense, and there's where [attackers] get us."

Read the Full Article on Dark Reading