See tips on how to protect yourself from phone scams. Learn more about Vishing.
In September, global hotel company MGM Resorts reported that it had suffered a cyberattack that affected casino machines, online reservations and guest check-in. The incident naturally had a negative impact on the company’s business, with the number of guests in September falling by 5% compared to the same period last year.
Additionally, the estimated damages were approximately US$15 million, or approximately R$76 million in reais. Jonathan Arendt, a cybersecurity consultant at Keeggo, explained that in the MGM case, hackers posed as employees to obtain access credentials and hacked into internal systems to steal data. To achieve this, the scammers use Vishing techniques that combine the English words “voice” and “phishing,” where scammers try to obtain confidential information over the phone. Read on to learn what you can do to mitigate such scams.
Scam using phone
This was just one of many scam incidents that are occurring through technology. More than a quarter of organizations suffered a cyberattack last year, an increase of 8% from 2021, according to BugHunt’s National Information Security Survey. Of these, Vishing was one of the top attacks reported during this period, accounting for 11.1% of the records.
Tips to protect yourself from attacks
Jonathan Arendt emphasizes that cybersecurity is a constant concern for companies. The expert highlighted some tips to avoid this type of attack. See below.
Train the team
Train staff to recognize and report imminent scam attempts. You should know that you cannot share sensitive information over the phone without verifying the identity of the caller.
Verify identity
Also, always verify the identity of the sender before sharing sensitive information. This may include verifying your identity using a predefined password or security question.
Data Security Policy
Implement a data security policy that prohibits sharing sensitive information over the phone without proper authentication and authorization.
Two-factor authentication
Use two-factor authentication whenever possible to access sensitive accounts and systems. This makes it difficult for attackers to gain unauthorized access.
Call monitoring and logging
Another tip is to monitor important and confidential phone calls, creating activity logs in case you need to investigate or prove the authenticity of the call.
Update your software and antivirus
Always regularly update your software with the latest security patches and run antivirus programs on all systems to avoid known vulnerabilities.
Data encryption
Also use encryption to protect sensitive data in transit and at rest, making it harder for attackers to access that data.
Data Backup
Back up your important data regularly and keep it in a safe place. This can help you recover your data in case of corruption.
Regular security assessments
Additionally, conduct regular security assessments, including penetration testing and phishing simulations, to identify vulnerabilities and train employees.
Incident Response Plan
Being one step ahead is always the best way to go. So, prepare an incident response plan to deal with destructive attacks and other cyber threats. This includes specific steps to take if you suspect an attack.
