Phishing and Vishing: Avoid Scams Through Staff Training
Have you kept up with cyber trends during the pandemic? Phishing and vishing scams are a growing threat to your club and the safety of your business’ and clients’ confidential information. Scammers employ social engineering techniques, such as impersonation or intimidation, to trick your staff members into sharing data about your business. Educate your employees about phishing and vishing attempts to reduce the likelihood of a data breach.
What are phishing and vishing?
Phishing is a common type of social engineering that uses email or text messages that mimic a known or trusted sender. These messages look legitimate and create a sense of urgency, raise curiosity or cause anxiety in recipients, who may unsuspectingly click links or open attachments containing malware or computer viruses.
Voice phishing, or vishing, is similar to phishing except that criminals use social engineering tactics and a direct human connection over the phone to illegally gain information or access money. With the increasing popularity of Voice over Internet Protocol (VoIP) phone technology, scammers can spoof another organization’s phone number and location, and even disguise their voices, without being tracked by law enforcement. Vishing comes in many forms, including robocalls, cold calls from actual people or even targeted calls from an informed attacker.
A robocall is an automated phone call made by a computer system. It’s a cheap and easy method for scammers to make calls from anywhere in the world. Once connected, the robocall can deliver a prerecorded message to someone at your club. These recordings use social engineering tactics to manipulate your employee into sharing sensitive information including personally identifiable information, health and medical records or employee records.
Keep in mind that there is no easy way to completely avoid vishing and robocalls. Social engineering attacks are successful because they exploit human psychology by tricking people into passing along desired information. The best preparation is awareness and education. Train your staff to:
- Keep information confidential. Repeat frequently that employees should never provide personal, business or financial information over the phone.
- Verify the caller’s identity. Encourage your staff to hang up immediately if the caller cannot establish who they are.
- Answer only recognizable numbers. Let a call go to voicemail if your employee doesn’t recognize the number.
- Check with management. Teach staff members to refer all requests for club or member information to your club’s management.
- Stay vigilant. Recognizing offers that are too good to be true can often make the difference in preventing an attempted vishing attack.
Finally, train your staff not to be afraid to hang up if anything about the call seems suspicious. Remember, if someone requests any kind of confidential information about your club or members over the phone, you can call the organization back directly to see if a representative is trying to reach your club with a legitimate request.