Wishing There's No Vishing


Vishing, phishing, spear phishing, bloatware, cryptojacking, and on and on. The cybersecurity field has no end of colorful labels to explain to mere mortals. Kaspersky commissioned Skeptical Robot Studios to write a series of detailed blog posts that make the concepts accessible to consumers.

It's a common scenario. Someone visits a social media platform and clicks an enticing link — only to see a blue screen appear with a warning message to call the toll-free number displayed to repair a serious computer problem.

A pleasant technician answers the phone, more than willing to help — for a price. After credit card information is provided to pay for the software to solve the computer problem, the con is complete, and the victim pays dearly.

The software doesn't work, and the helpful technician disappears, never to be heard from again. The user has become another victim of a malicious practice called "vishing".

Vishing in a Nutshell

Most people have heard of “phishing”. Phishing uses enticing email or text messages to lure people into clicking on links to files or websites that harbor malware. The links may also appear in online advertisements that target consumers.

Vishing uses verbal scams to trick people into doing things they believe are in their best interests. Vishing often picks up where phishing leaves off.

In the example above, the victim clicked on a link for an online advertisement related to personal interests. Malware embedded in the link triggered a lock-up that only the helpful "technician" on the other end of the phone could fix. Remediating the problem would cost the victim some amount of money. Of course, it was all a scam, and the technician’s "company" was the actual source of the problem.