ORLANDO, Fla. – Any human is vulnerable to being “vished” or “malicious vishing,” according to CEO and founder of Social-Engineer, Chris Hadnagy.
The term vishing defines a new phone call con game that has surged by more than 500% in the past year.
[TRENDING: Become a News 6 Insider]
The Federal Trade Commission estimates Americans lose an estimated $1.2 billion a year to vishing tactics.
Vishing is the practice of eliciting information or attempting to influence action via phone or text and a product of social platforms like Facebook , YouTube, Instagram and TikTok.
“They’re finding out details about your spouse, your kids, your personal likes, your hobbies and they’re using that in the vishing calls,” Hadnagy said.
He’s also the author of “Human Hacking: Win Friends, Influence People and Leave Them Better Off for Having Met You” and just completed an ambitious study he calls the “State of Vishing” report.
Hadnagy told News 6 the study is “a first,” intended to provide a sweeping understanding of the techniques used in what he calls a “dangerous attack vector.”
“We analyzed 83,000 calls and 1.3 million tweets,” Hadnagy said. “We brought on a Ph.D. and had her start analyzing all of these calls so we can see if there was some patterns or things we can use to educate the public so we can fight this problem.”
Hadnagy has assembled a team, hired to pose as HR and IT employees by major companies and banks to use the social engineering charms used to put targets at ease to convince them to share key information.
Shelby Dacco, the company’s human risk analyst, posed as various employees in over 19,000 vishing calls.
“We’re trying to see how people are vulnerable to this,” Dacco said. “It’s building a relationship with them and when you ask for their assistance then a lot of people will do it for you.”
In one call with a major bank employee, Dacco’s techniques disarmed the employee when she claimed to share the same favorite color. After gaining her trust, the employee eventually gave the password to her company computer.
Hadnagy said malicious vishing is used against everyone, from grandparents to corporate America and is a “huge problem.”
“Think about the tactics Shelby used,” Hadnagy said. “There were so many factors that Shelby used to make that woman feel comfortable. Then at the end when she said, ‘OK, the last thing I need is your password,’ she gave it out.”
The techniques range from gaining your trust to intimidation by impostors who pose as the IRS or a law enforcement agency.
“This may be some of the most important data on the planet right now for information and security,” Hadnagy told News 6. “So we are going to be analyzing these calls year after year to help people stay safe.”
To see the complete report, click here.
If you receive a call from an impostor trying to access your personal or banking information, hang up. You can file a complaint with the Federal Trade Commission here or contact Make Ends Meet by email at email@example.com or by text at 407-676-7428. Include the issue and the words “Make Ends Meet” in the text.
Get today’s headlines in minutes with Your Florida Daily: