People need to help raise awareness about voice phishing scams, or vishing, according to Paul Ducklin at Naked Security. While phone scams have been around for years, they remain effective and people continue to fall for them. Someone who would be suspicious of an unexpected email might be more trusting when there’s a human voice at the other end of the line.

“Never let yourself get suckered, surprised, or seduced into taking any direct action on the basis of a phone call you weren’t expecting from a person whose voice you don’t recognise with certainty,” Ducklin writes. “It doesn’t matter where the call claims to originate. Anyone can say they are from your bank, a hospital, the tax agency, a coronavirus track-and-trace service, the local police station, or the lottery company. Whether the caller is giving you bad news or good, you have no way of verifying anything that’s said to you from information offered up in the call itself.”

Ducklin adds that when you receive an unsolicited phone call from someone asking for information or trying to get you to do something, you should hang up and call the organization that the caller claimed to work for.

“Whether you are worried about a fraudulent transaction, scared about a tax problem, or excited about what could be a lottery win, here’s what to do: find a number to call back by yourself, using contact information you already have on record,” Ducklin says. “Your last tax return should have a tax office contact number on it; your credit card should have a fraud reporting number on the back; most hospitals have a central contact number that can be double-checked online; and so on. Never rely on information read out to you in a call, or sent in an email, or delivered via SMS, as a way of deciding whether to believe the message or the call.”

New-school security awareness training can teach your employees about social engineering techniques so they can avoid falling for these tricks.