The vishing It is a type of fraud that relies on social engineering techniques and in which the attacker communicates by phone or via voice message impersonating a trustworthy company or entity with the intention of misleading the victim and convince her to take an action that goes against her interests.

The vishing is born from the union of voice and phishing, that is, it encompasses those phishing attacks (deceptions through fraudulent sites that imitate the portals of banks and companies) what involve a voice, be it robotic or human. In these, the attackers can reach the victim by phone calls Massive calls, such as a corporate call center, or leaving voicemails.

In addition, among the favorite topics chosen by scammers for these communications we find references to financial problems or security, or the impersonation of an alleged relative or acquaintance, etc.

They simulate the realization of a transfer and modify the amount so that it seems that there was a mistake.Photo: Clarín Archive

“Although this technique may represent a greater cost and work on the side of cybercriminals, it is more effective than other similar forms of attack such as phishing: through a phone call a more personal communication than via email, so the emotional manipulation it is easier to carry out “, details the Computer Security researcher at the ESET Laboratory, Martina Lopez to Clarion.

“In extreme cases, the attacker simulates sadness or crying in the face of a supposed problem that arises and that only the victim can solve,” he added.

Being a type of attack similar to phishing, the use of vishing as a resource by criminals can be observed in different fraud schemes. TO Here are some of the more common cases:

1. Refund for computer service

The victim is called for the first time to report a alleged money back for a service that the user hired years ago and that the alleged company stopped offering it.

Thus they convince the victim to first install remote access software on their computer that will allow the scammer to access the computer and then request that they access their bank account from their computer.

A type of vishing: they convince the victim to install software on their pc and steal the data. Photo: Clarin Archive

In parallel, simulate a transfer and they modify the amount so that it appears that there was a mistake and a different value was entered, causing more money to be transferred than was due. In this way, the user feels pressured to act in good faith and return the allegedly transferred excess money, and this is where scam occurs.

2. Technical support: infection with a malware (“malicious program”)

They communicate with the victim explaining that they are calling from a company with a generic name, supposedly specialized in computer security, and they assure you that they are providers of protection services for your computer.

Using social engineering, the attacker persuades the victim who ends up allowing access to his computer using remote access tools that can act even when the owner is absent.

Another type of vishing: they make the victim believe that their device is damaged and they have to pay a large sum of money to repair it.

Then, by running applications usually installed from the factory on the victim’s computer or showing supposedly corrupted files, they discover – false – signs of an infection to worry the victim and make believe your device was compromised.

Once the attackers consider that the user is sufficiently worried, they intimidate you to buy a supposed security solution for a large sum of money to fix the problem (which does not exist).

3. Financial and legal fraud and identity theft of a state body

The attackers are posing as the voice of an entity such as the police, a bank or a legal firm to report any problem or fraudulent movement associated with the victim.

.With this excuse, they request the delivery of personal information and in some cases even access to the user’s computer, thus being able to enter confidential, private and sensitive information.

4. An acquaintance in trouble

Pretending to be someone they know, the attackers urgently request the recipient of the call need to hand over money, either physically or through a bank account that will be provided over the phone.

On multiple occasions employ aggressive emotional manipulation methods, such as a false cry or an appeal to an accident suffered by the alleged victim’s acquaintance, to add credibility to the deception.

The scammed person must file a complaint with the Specialized Cybercrime Fiscal Unit. Photo: Clarín Archive

The scam with the IFE, again in force

During 2020, in full quarantine, a computer security firm warned about a new hoax that targeted the beneficiaries of Family Emergency Income (IFE).

Posing as ANSES managers, the scammers sent a WhatsApp to potential victims and convinced them that they were calling them to help them collect. In this way they obtained the victim’s home banking credentials, hijacked his account and took out a loan in his name.

Currently, with the second wave of coronavirus and the idea of ​​a fake monetary support on the part of the government the scammers returned to the ring.

“In one example we found, scammers communicate with victims by posing as attorneys for a law firm affiliated with the Ministry of Social Development. They allege that, to supplant the failure to deliver the IFE bond in these months and the imminent quarantine due to the rise in cases in our country, they were in charge of delivering financial aid “.

The message of the scammers who, during 2020, were posing as ANSES employees. Photo: ESET.

“As they say, it would be for the value of $ 20,000 and would target people with disabilities, the unemployed, below the poverty line, the elderly, among other groups hit by the economic crisis. To collect it, they say, the victim must wait for another call that will be executed at the hour and write down a code that they must then enter at the ATM. “

When this communication arrives, the scammers do nothing more than guide the victim step by step to configure their homebanking key and enter the code that they mentioned above, in addition to providing the user with whom you operate on the bank’s site. Thus, scammers get full control of the account.

Recommendations to avoid being a victim of vishing



“Upon receipt of a suspicious call verify the source. If it is an acquaintance, contact him, and if it is a supposed bank, check the reason for the call or if we have an associated service, “says López, from ESET Latin America.

“It is important too distrust the origin and in case of being something doubtful, finish the communication as soon as possible. If the person who contacted us claimed to be from a company with which we are associated, it is advisable to contact the company through the official communication channels. ”, He concludes.

How to report?

The scammed person should contact the Cybercrime Specialized Fiscal Unit (UFECI). 11) 5071-0040 / 0041 Email: [email protected]

