Vishing: The New Generation of Phone Scams Pushing Thailand’s Buttons

Reading this, you’ve probably experienced a shady call or two, phone scams are nothing new from boiler room boys promising the next hot stock (financial fraud) to paid-for horoscope subscriptions (cramming), technological advances have always been a useful weapon in any conman’s arsenal.

Vishing – a play on Voice Phishing is a staple from the tele-scammer playbook currently experiencing a new lease of life. Like email phishing scams, the aim of the game is to dupe unsuspecting victims into handing over confidential information.


Vishing The New Generation of Phone Scams Pushing Thailands Buttons

The new wave of Vishing scams is a more sophisticated twist on the last – an old sleight of hand trick, deceiving you into coughing up credit card details and personal information.

Today, a simple “Yes” can lead to unwanted call charges, subscriptions and signups to applications being billed on your next monthly statement – the cramming scam for the digital age has arrived: the “Can You Hear Me?” Phone Scam.

The Old Classic: The Bank Scam

A traditional trust con.

An urgent afternoon call from your ‘bank’ saying that your account has been hacked or your credit card stolen, inevitably panic sets in and your heart rate rises into a frenzy.

Luckily for you, the helpful service assistant on the line is on hand to help. She tells you to jot down a 1800 toll-free number and to speak to your bank directly to resolve this issue. Frantic, you recite the phone number to memory and make the call. Typically, there is now a verification procedure. They simply need to you to punch in your credit card numbers, expiry date, and CVV code – not too much to ask for a security check.

Hurriedly you rummage through your wallet or purse and grab your credit card and willingly hand over your credit card information to the “bank assistant” on the other end of the line. Unluckily for you, this is not your bank, but a syndicate of organized criminals who proceed to empty your bank account, maxing your credit card or selling your personal information. A scary thought indeed.

This scam is more common than one would think, especially in Europe and America, although empirical data would indicate that it’s not as successful as email phishing inside Thailand. Due to its lower success rate, it is not as commonly perpetrated although factors such as gender and age impact the results greatly – with the older generation more susceptible to vishing scams. Good mobile device and internet security hygiene is essential in stopping these criminals and it is wise to educate your elderly family members about potential problems.

The Can You Hear Me Scam?

The Can You Hear Me Scam, made possible by the inclusion of third-party services in subscribers’ bills combined with the growing popularity of voice identification and voice synthesis in many sectors, including banking.

Authorities are trying to combat this “cramming” craze; telecom giants Verizon have recently settled $158 million in damages on claims by customers who’d had third-party services fraudulently added to their bills.

But this is just scraping the surface. Businesses lost on average $43,000 per account and individuals targeted through impersonation lost $4200. The vishing con is real and here to stay.

HSBC is just one of several banks that uses this voice recognition technology to allow voice authentication as a password. However, clients must authenticate themselves initially through a “code word” followed by saying aloud “my voice is my password”. HSBC claims that the system is full-proof as the voiceprint created has the physical and behavioral nuances of one’s speech, which is recognized by their system.

For an HSBC account security breach, it would be troublesome for scammers to initially get your code word, but the phrase “my voice is my password” could be teased out over several phone calls. Voice-authentication systems don’t seem to be going away with Google and Adobe both developing their own realistic speech synthesis programs: Lyrebird is another high-profile company developing this technology.

Scams like this are commonplace in Thailand not just to dupe unsuspecting citizens, but as a location for foreigners to perpetrate this activity.

Also see:

One Ring Phone Scam
Caller ID spoofing

If you are concerned about Vishing scams impacted your business. Speak to Aware’s IT security specialists today. We are here to assist you.

Tags

What do you think?

Related articles