Vishing (a combination of the words "voice" and "phishing") is the fraudulent practice of attempting to steal information or gain unauthorized access to your personal information via a telephone call. Attackers use a special technique—caller ID spoofing—to make incoming calls look like they are coming from a legitimate or known phone number.
For example, you may receive a call from a recognizable number. Upon picking up the phone, you'll hear a recording or a live representative claiming to provide a service or reward to you. Since the phone number is familiar, you may be more likely to provide answers to questions that seem harmless such as your birth date, favorite color, banking institution, etc. You may even give them access to your computer. While this may seem like a routine or meaningless call, you may in fact have become a victim of vishing.
Like many other higher education organizations, the University of Miami has received reports of vishing on campus phones. It is important that you remain vigilant, and review tips on how to protect yourself.
Follow the tips below to protect yourself against vishing attempts:
- Be suspicious of all unknown callers. People should be just as suspicious of phone calls as they are of emails asking for personal information. Some experts suggest letting all calls from unknown callers go to voicemail. Hang up if you are unsure.
- Don't trust caller ID. Just because your caller ID displays a phone number or name of a legitimate person/company you may recognize, it does not guarantee the call is really coming from that source.
- Verify the identity of the person you are speaking with and check for credentials. If someone is trying to sell you something or is asking for your personal or financial information, ask the caller to identify who they work for. Research the name of the person or the company the person is representing. Ask the person precise questions that may cause the criminal to hang up, if they feel you are on to them. If you feel the call is fraudulent, discontinue the conversation.
- Ask to call back and compare. Tell them you will call them back; then, verify that the company is legitimate as noted above. If it's a bank or credit card company, call them back using a number from your bill or the back of your credit card.
- Just say no. A legitimate company will never reach out to you to request sensitive information or access to your device. Never provide credit card information or other private information to anyone who calls you.
- Report. Document the call, note what was said and what information was requested, and take down the phone number of the caller (if possible). Report this information as soon as possible to the ISO at: infosec@miami.edu.
Have questions? We're here to help!
If you have questions about cybersecurity, or if you want to learn more about how to stay safe online, contact the Information Security Office (ISO) at: infosec@miami.edu
