News

The Rise of Vishing: How Voice Phishing Attacks Are Evolving in 2024

Voice phishing, or 'vishing,' has surged in 2024, with scammers using calls to deceive victims into revealing sensitive information.

The Rise of Vishing: How Voice Phishing Attacks Are Evolving in 2024

Understanding the Growing Threat of Voice Phishing (Vishing) in 2024

Voice phishing, or "vishing," has seen a significant surge in 2024, with scammers increasingly using phone calls to deceive victims into revealing sensitive information or performing unauthorized actions. This trend is particularly concerning due to its ability to bypass advanced email filters and directly engage victims in real-time.

Introduction

In the first quarter of 2024, nearly 964,000 phishing attacks were recorded, with a notable rise in voice phishing, or "vishing"[1]. This form of social engineering involves scammers using phone calls to impersonate trusted entities, tricking individuals into revealing personal information or making financial transfers.

The Rise of Vishing

Vishing attacks have become more prevalent, with over 20% of fraud-related assets now involving phone numbers[2]. This method often involves hybrid phishing, where victims receive a fake email receipt and are urged to call a support number. Once on the phone, scammers extract sensitive data or convince victims to send money.

How Vishing Works

Vishing typically involves scammers masquerading as people from trusted organizations to extract sensitive information. Unlike traditional email phishing, which relies on deceptive messages, vishing involves direct communication with potential victims. This direct approach allows attackers to engage with victims in real-time, making these methods more effective at bypassing traditional email security filters[2].

Sector-Specific Targets

Social media platforms remain the most frequently targeted sector, accounting for 32.9% of all phishing attacks in Q2 2024[1]. However, vishing is also targeting bank and online payment service customers, making it a significant concern for financial institutions.

Actionable Steps

To combat the rise of vishing, organizations and individuals must remain vigilant. This includes implementing comprehensive security measures such as caller ID verification, educating employees about the risks of vishing, and using advanced security filters that can detect and block suspicious phone calls.

Key Statistics

  • Number of Vishing Attacks: Over 20% of fraud-related assets now involve phone numbers, indicating a significant rise in vishing attacks[2].
  • Target Sectors: Social media platforms (32.9% of all phishing attacks in Q2 2024) and financial institutions are primary targets for vishing[1].
  • Methods Used: Hybrid phishing, where victims receive a fake email receipt and are urged to call a support number, is a common approach used by vishing scammers[2].
  • Impact on Security: Vishing bypasses traditional email security filters by engaging victims directly through phone calls, making it a more effective method for attackers[2].
  • Actionable Steps: Implementing caller ID verification, educating employees about the risks of vishing, and using advanced security filters are crucial steps to combat the rise of vishing[2].

Real-Life Examples

  1. Caesars and MGM Scam: In a notable example, scammers used vishing and spear phishing techniques to attack Caesars and MGM, two Las Vegas casinos. They impersonated employees on the phone with the IT department, using information found on LinkedIn to gain new credentials and install ransomware[3].

  2. OCBC Bank Scam: In December 2021, nearly 470 customers of OCBC Bank lost a combined S$8.5 million to vishing scams, leading to significant reputational damage for the bank[2].

  3. PayPal Scam: An 84-year-old man lost nearly $100,000 to a scammer claiming an accidental deposit by PayPal, which led to remote access of his computer and bank account[2].

Expert Insights

Experts emphasize the need for continuous vigilance and education to combat vishing. Regular training sessions for employees on cybersecurity and vishing threats have proven effective as a vishing attack prevention measure[2]. Advanced technologies like spam blockers and caller ID verification are crucial tools in the fight against vishing.

Conclusion

The rise of vishing in 2024 underscores the evolving nature of phishing attacks. As these tactics become more sophisticated, it is crucial for both individuals and organizations to stay informed and take proactive steps to protect against these increasingly effective threats.

References

  1. Vishing Statistics 2024: Unmasking the Voice Phishing Threat - Keepnet Labs
  2. A Deep Dive into Vishing Statistics in 2024 - Keepnet Labs
  3. Vishing: What you need to know to stay safe in 2024 - TeamPassword
  4. Combating Vishing: An Analysis of Voice Call Impersonation and Emerging Defenses - GSMA
  5. Top 54 Phishing Attack Statistics & Latest Trends for 2024 - Spacelift

Table: Vishing Around the World

CountryVishing ScenarioKey Tactics and Trends
PeruRecorded over 12 million spam calls in October 2021.Impersonating local banks or government agencies, leveraging local trust.
MexicoWitnessed over 3.2 million vishing attempts in 2021.Mobile-based attacks, fake bank alerts, fraudulent transaction warnings, faux lottery wins.
IndiaA single scammer made over 202 million spam calls in 2021.KYC scams with fraudsters posing as bank officials, exploiting the diverse linguistic and cultural landscape.
IndonesiaExperiencing a surge in vishing attacks with its growing digital economy.Scams related to online purchases, posing as customer service from e-commerce platforms, fake discounts.