Vishing involves criminals calling potential victims, claiming to be someone from their bank, the police, a legitimate organisation such as HMRC, a supplier or even an internal member of staff.
Fraudsters may claim that your account has been compromised, that there is suspicious activity on the account, or that a payment has been made by the business using incorrect bank details.
Criminals have been known to convince victims that the call is genuine by getting them to cross-check the incoming phone number with the official number of the bank. However, fraudsters can use technology to spoof numbers which make them appear to be coming from a genuine source.
Smishing is when criminals use SMS text messaging to impersonate a trusted organisation, such as a bank or HMRC, and try to trick the recipient into clicking on a link or sharing private information with the attacker.
The SMS text often contains a phone number which connects you to the fraudster. As with vishing, details can be spoofed, so it can seem as if the texts are coming from a legitimate source and they can even be inserted into genuine text communications with the organisation.
To make the scam more convincing, fraudsters may use information about your company, employees or recent activities using details that they have found online.
Listen to the two calls below, or read the transcripts, and see if you can identify the fraudulent call.
These calls are based on real conversations.
Hi I'm Francis, and I’m calling from the Barclays fraud team.
There have been three payments of £4,200 made from your business account this morning, and I’ll need you to confirm that you made these payments.
Before you do, I’ll need to take you through security.
Can I take your memorable word and passcode in full please?
End.
This is Sam from the Barclays fraud team.
We've noticed unusual activity on your business account and need to take immediate action.
I've already spoken with your Relationship Director David Warner and he's given me the go ahead to contact you.
Before we proceed, you’ll need to verify some account details in full...
End.
Both calls were from fraudsters.
Both fraudsters claimed to be from a bank and asked for memorable information.
Suspicious? End the call immediately
To check if the person on the other end was legitimate, call a trusted contact at the organisation. Make sure you use a different phone – the fraudster can keep the original line open.
Beware what you share
Remember, your bank will never ask you for your password, PIN, payment authorisation codes, provide you with details to make a payment, or request access to systems or PCs.
Give yourself time to stop and think
Fraudsters often create a sense of urgency that convinces employees to act quickly, without thinking through the implications of their actions. Do you really need to rush?
Always stay on your guard
Never assume that the caller is genuine because they know information about you, your company, your colleagues, or even if they have the right caller ID.
Head back to our dedicated hub for the latest fraud trends and useful resources to help protect your business from cyber criminals.
What are the key cyber fraud threats your business may face today, and how can you mitigate those risks?
Latest insights