Automated calls are nothing new; picking up the phone to a recorded message from a company claiming that they ‘heard’ we had an injury in the last 12 months, or that we’ve been mis-sold PPI (payment protection insurance) is a common occurrence.
Often these automated marketing calls are used by organisations to save money on call centres; instead of getting real people to cold-calling potential clients, they can use a robot instead. Unfortunately, some unscrupulous individuals have started using automated calls to scam people into handing over their banking details.
All you need to know about vishing
Vishing, or voice phishing, is the act of convincing a recipient to disclose personal information over the phone. It’s basically exactly the same as phishing; a person that you don’t know pretends to be a company or organisation that you trust, and using some clever social engineering tricks, convinces you that they need your banking information - or any personal information.
In some instances, vishing can be more convincing than a phishing scam; we’re all accustomed to receiving junk mail in our inboxes, but we’re less used to receiving scam calls. If you’re not aware of these types of calls, they can be much more persuasive than an easily deleted phishing email.
How does vishing work with automated calls?
Automated calls are a way to call hundreds of people very quickly, to then spend time talking to the people that respond. Vishing takes the exact same approach - for the scammers, they can save time by only speaking to people who have been taken in by their automated call.
We recently received an automated call pertaining to be from Amazon, and it gave us the perfect opportunity to look at vishing in more detail.
How do you know if you’re talking to a visher?
If you receive an automated call that you weren’t expecting, that’s the first red flag. Automated calls are most frequently used for marketing, and so even if the robot you’re talking to hasn’t asked you for your bank details, they’re likely trying to sell you something.
The automated call we received stated something to the effect of, ‘An order of the iPhone 11 has been placed with your Amazon account, which Amazon believes may be a dubious transaction. Please press 1 to discuss.’ We’ve also heard of automated calls from Amazon regarding a Prime subscription, with a similar ‘press 1 to discuss’ at the end.
The main problem with this vishing call is that it doesn’t give us much to work with. With a phishing email, you can take your time reading it to figure out whether it is legitimate or not. With the Amazon vishing call, there’s very little time to decide whether or not to be connected, which works in the vishers favour. People are likely to press 1 and talk to someone before they spend a few hundred pounds on an iPhone they didn’t order.
However, just like phishing, there are some hallmarks of a scam for us to identify. Both the iPhone 11 and Prime membership are expensive transactions - which have been intentionally chosen to get the recipient to panic first, and think later. It should also be noted that the call itself is unusual - if you’ve spent money with Amazon, it’s not exactly in their best interests to ring you up and ask, ‘Are you sure?’.
What should I do if I receive one of these calls?
We’d encourage anyone receiving these automated calls to hang up immediately. Amazon has confirmed that they do not call customers regarding payments outside of their website. We’d also advise recipients of these phone calls to check their Amazon account, and their bank account, and if there are any payments you don’t recognise, contact Amazon or your bank directly. Take the time to think before you give a cold caller any personal information - or trust a robot.
Tweet us @TranscenditUK