‘Vishing’: the TikTok trend based on an actual fraud scheme

'Voice phishing' has been growing in popularity among cybercriminals and, curiously, users of the social media platform.

‘Vishing’ involves scam phone calls – automated or with a real person – that request your personal information. (Envato Elements pic)

KUALA LUMPUR: A prank has lately been growing in popularity on TikTok: people call their friends using an automated answering-machine voice and tell them a large amount of money is about to be debited from their account.

This trend is along the lines of an actual fraud scheme that is actively used by cybercriminals. Researchers from internet security software company Kaspersky detected an increase in the number of so-called “vishing” emails last month – 100,000 in total – and collected approximately 350,000 such emails between March and June.

Vishing, short for voice phishing, is the fraudulent practice of convincing individuals to call cybercriminals and reveal personal information and bank details over the phone. Like most phishing schemes, it starts with an unusual email from a large online store or a payment system – for instance, a letter from “PayPal” telling you they have just received a request to withdraw a large amount of money from your account.

But here’s the difference: while regular phishing emails ask the victim to follow a link, vishing emails ask that they urgently call the customer-support number provided in the email.

This method was intentionally chosen by cybercriminals because, when people look at a phishing site, they have time to think about their actions, or notice signs that the page is not legitimate.

But when victims talk on the phone, they are usually distracted and find it more difficult to focus. Under these circumstances, attackers do everything they can to further throw them off balance: rushing them, intimidating them, and demanding that they urgently provide their credit card details to cancel the supposed fraudulent transaction.

After gaining the victim’s bank account details, these cybercriminals use the information to steal their money.

Number of detected vishing emails between March and June. (Kaspersky pic)

Curiously, TikTokers are actively repeating this activity, with the only difference being they do not send a fraudulent email in advance, nor do they steal anything from their victims – their goal is a show, not money.

The call is conducted through an answering machine, whose voice is generated with an online translator. The pranksters often introduce themselves as a representative from the customer service department of a large online store, claiming they have just received an order from the victim for several thousand dollars and asking for their confirmation.

No matter how the victim replies, the next thing the answering machine says is: “Thank you, your order has been confirmed.” People think the machine misheard them and that the funds are going to be withdrawn from their account immediately, so they panic, scream, and don’t realise they are being pranked.

“I often come across videos on TikTok of bloggers pranking other people by calling them and telling them their account is about to be debited for thousands of dollars,” said Roman Dedenok from Kaspersky.

“You look at these videos on your phone and you think: ‘How can anyone fall for such a thing?’ But when people encounter scam calls in real life, they are often affected by multiple circumstances at the same time.

“Such a call can catch them off guard, while their head is full of other things and they can’t clearly assess who is on the other end – a prankster, a fraudster, or a real bank security specialist.”

Safeguard your confidential information when you are online, and be wary of phishing and vishing emails.

As such, here are some ways to protect yourself from vishing:

Check the sender’s address: Most spam emails come from addresses that don’t make sense or appear as gibberish, for example: [email protected] or something similar. By hovering over the sender’s name, which itself might be spelled incorrectly, you can see the full email address. If you’re not sure if an email address is legitimate or not, put it into a search engine to check.

Consider what kind of information is being requested: Legitimate companies don’t contact you out of the blue via unsolicited emails to ask you for personal information, such as banking or credit card details, your Socso number or other sensitive data. In general, unsolicited messages telling you to “verify account details” or “update your account information” should be treated with caution.

Be wary if the message is creating a sense of urgency: Spammers often try to apply pressure by using this tactic. For example, the subject line may contain words like “urgent” or “immediate action required” to pressure you into acting.

Check for grammar and spelling: Typos and bad grammar are red flags. So, too, are odd phrasing or unusual syntax, which might result from the email having gone back and forth through translators several times.

Install a trusted security solution and follow its recommendations: The software will solve most problems automatically and alert you as necessary.
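For mail administrators, the sender and urgency checks above can be combined with the trait that sets vishing apart from ordinary phishing (a phone number to call instead of a link) into a simple triage heuristic. This is an added example, not Kaspersky's detection logic; the brand list, keyword patterns, scoring threshold and sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed brand -> legitimate sender domains (illustrative, not exhaustive).
BRAND_DOMAINS = {"paypal": {"paypal.com"}}
URGENCY = re.compile(r"\b(urgent(ly)?|immediate(ly)?|within 24 hours|right away)\b", re.I)
CALL = re.compile(r"\b(call|phone|dial|contact)\b", re.I)
PHONE = re.compile(r"(?<![\w.])\+?\(?\d[\d\s().-]{7,}\d")  # loose phone-number shape
URL = re.compile(r"https?://|www\.", re.I)

def vishing_signals(raw: str) -> list[str]:
    """Return the vishing indicators found in one plain-text RFC 5322 message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    text = f'{msg.get("Subject", "")}\n{msg.get_payload()}'
    signals = []
    # A brand is named, but the sender's domain does not belong to that brand.
    for brand, domains in BRAND_DOMAINS.items():
        named = brand in (display + text).lower()
        owned = any(domain == d or domain.endswith("." + d) for d in domains)
        if named and not owned:
            signals.append("brand_domain_mismatch")
    if URGENCY.search(text):
        signals.append("urgency")
    # Vishing-specific: the reader is told to call a number, and there is no link.
    if PHONE.search(text) and CALL.search(text):
        signals.append("callback_number")
        if not URL.search(text):
            signals.append("no_links")
    return signals

def is_probable_vishing(raw: str) -> bool:
    s = vishing_signals(raw)
    return "callback_number" in s and len(s) >= 3

# Constructed sample messages (reserved .example domains, fictitious 555-01xx number).
SAMPLE_VISHING = ('From: "PayPal Support" <billing@pp-alerts.example>\n'
                  "Subject: Urgent: withdrawal request received\n\n"
                  "We received a request to withdraw $1,499.00 from your account.\n"
                  "If this was not you, call our support team immediately on +1 (555) 010-0199.\n")
SAMPLE_LINK_PHISH = ('From: "PayPal" <no-reply@paypa1-secure.example>\n'
                     "Subject: Immediate action required\n\n"
                     "Verify your account details at http://paypa1-secure.example/login today.\n")
SAMPLE_BENIGN = ('From: "PayPal" <service@paypal.com>\n'
                 "Subject: Your monthly statement\n\n"
                 "Your statement is ready. View it at https://www.paypal.com/ after logging in.\n")

if __name__ == "__main__":
    for name in ("SAMPLE_VISHING", "SAMPLE_LINK_PHISH", "SAMPLE_BENIGN"):
        print(name, vishing_signals(globals()[name]))
```

A link-free message passes URL-reputation filtering untouched, which is why the callback number and missing links are scored here rather than the presence of a suspicious URL.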
