What is Vishing Brand Impersonation?

Technology has provided tremendous opportunities for large brands, but is also constantly providing new threats. One of the newer threats is called “Vishing Brand Impersonation,” which has caused serious damage to some large brands. Meantime, it’s a new enough threat that many company IT teams and management may not have heard of vishing brand impersonation, or it’s ‘cousin’ smishing brand impersonation.

In this article, we cover:

• What is Vishing (and it's cousin Smishing)?
• What is Brand Impersonation?
• What is Vishing Brand Impersonation, and what are some ways that I can protect my company?

What Is Vishing (And It's Causing Smishing)?

Vishing and smishing are forms of social engineering attacks that use phone calls and text messages, respectively, to trick individuals into giving away sensitive information or money.

Vishing, or voice phishing, is a type of phone scam where a fraudster impersonates someone – often using  caller ID spoofing – in order to gain access to sensitive information such as credit card numbers, social security numbers, or login credentials.

Smishing is similar to vishing, but uses text messages instead of phone calls to trick individuals into providing sensitive information or clicking on malicious links.

What Is Brand Impersonation?

Brand impersonation is the practice of tricking a consumer into believing they were contacted by a legitimate company. This is done in order to trick individuals into giving away sensitive information or money. This can take many forms, from creating a fake website, to creating a fake social media account that mimics a real company.

For example, a common brand impersonation in the US relates to the IRS. Fraudsters call small business owners and pretend to be representatives from the Internal Revenue Service (IRS). The fraudsters then demand payment for supposed fines or taxes and threaten legal action if the payment was not made.

What Is Vishing Brand Impersonation, And What Are Some Ways I Can Protect My Company? 

Vishing brand impersonation is the practice of using voice phone calls (the “V” in vishing) to fish for information by phone (“phishing”), while impersonating a legitimate brand in order to gain access to sensitive information or money.

It’s making a phone call, impersonating a brand (hopefully not yours!), to get information that can be used to scam consumers.

This can include impersonating a company's customer service department and asking for personal information, or pretending to be a company representative and asking for a payment.

From the corporate side of things, it’s critical to protect your company from vishing brand impersonation. How?

1. First, be clear that you’re going to stop vishing brand impersonation. Then, use this clarity to make sure you have a plan in place to identify and respond to these types of attacks.
2. Educate employees about vishing brand impersonation and smishing brand impersonation: Many of your employees may never even have heard these terms. Provide training to employees on how to recognize and respond to vishing and brand impersonation attempts. This can include examples of common tactics used by fraudsters and tips on how to communicate with your customers about it.
3. Use brand monitoring services. The right technology partner can monitor vast troves of call audio data and see if your brand name is coming up in scams. They can alert you early in the process, and help you take appropriate action.
4. Monitor social media: Regularly monitor your company's social media accounts and look for the signs of brand impersonation. Report any impersonation attempts to the relevant social media platform and take appropriate action to have the fake account removed.
5. Use a voice-based security solution: Implement a voice-based security solution that can detect and block vishing attempts in real-time. These solutions use advanced algorithms to analyze call audio and detect patterns of fraudulent behavior, such as the use of spoofed caller ID numbers or the use of pre-recorded messages.
6. Have a response plan in place: Have a plan in place for responding to vishing and brand impersonation attempts. This can include procedures for reporting suspicious activity to the appropriate authorities, public relations strategies, additional steps to protect sensitive information, proactive customer communications, and more.

Vishing brand impersonation and smishing brand impersonation is a serious threat that can harm your brand reputation and cause financial losses, and even legal challenges.

By educating your employees, using brand monitoring services, monitoring social media, using a voice-based security solution, and having a response plan in place, you can help protect your brand from these types of attacks.

One easy way to obtain comprehensive, full-spectrum protection against vishing brand impersonation is a turnkey solution from a service provider, such as YouMailPS. They offer a free ebook on Stopping Brand Impersonators. Get their ebook here >