Vishing
When you receive a phone call from a cyber criminal who is trying to obtain your personal and/or financial information, this is called vishing. Vishing is becoming increasingly common. Similarly to phishing, these calls sound like they’re from a trusted source, but are in fact fraudulent.
The most common signs of a vishing call are a sense of urgency (someone requesting that you do something right now) and unexpected timing (someone calling out of the blue). If you are unsure about an incoming call, don’t pick up (let them leave a message and then you can decide if the call is legitimate) or hang up as soon as you can.
Here are some examples of the types of calls you might receive:
- Impersonating a bank representative: the caller pretends to be a bank employee and asks for personal information (such as your account number and pin) to resolve some ‘suspicious activity’ on your account.
- Impersonating tech support: the caller pretends to be a tech support worker from a big company (such as Apple or Microsoft) and asks to access your computer or device remotely to ‘remove a virus’.
- Lottery or prize scams: the caller informs you that you’ve won a prize and requests personal information in order for you to claim the winnings (they will often create a sense of urgency and excitement to distract you).
- Impersonating a government agency: the caller pretends to be from a government agency, such as the ATO, Centrelink or Immigration Services. They may claim there is a problem with your records or taxes and ask for immediate action, such as a payment or your personal details, to avoid ‘a penalty’ or ‘legal consequences’.
- Impersonating a charity: the caller pretends to represent a charitable organisation or disaster relief fund and requests a donation. They may exploit your compassion and ask for your credit card details or a deposit into a fraudulent account.
If you receive a phone call that you are suspicious may be a vishing scam, you should always report it to Scamwatch.
In your report, it is helpful to include:
- The caller’s name (if provided) and phone number.
- The date and exact time of the call.
- A description of the call and the caller, including what they said, where they claimed to be calling from, and what they requested from you.
- Any supporting evidence, such as recordings of the call or related voicemail messages.
- What your response was during and after the call, including if you disclosed any sensitive information of clicked on any links or files as instructed by the caller.
If you think you have disclosed your personal information to a vishing call, follow these steps immediately to limit the damage and protect yourself from further loss.
If you are the target of a vishing scam that is related to Deakin (or if the caller mentions anything about Deakin), it's also a good idea to report it to IT Help. This can help protect others from falling victim to the same scam, and it assists our Cyber Security team to take appropriate actions to minimise the threat.