The Danish Consumer Council and The National Centre for IT Crime (NCIK) have just reported that the number of reports of contact fraud, as vishing is also called, is increasing dramatically at the moment.
What is vishing?
Vishing is a contraction of "voice" and "phishing." It is a type of phishing that takes place over the phone, where scammers make calls to potential victims to lure sensitive information out of them, such as passwords or bank details. They do this by pretending to be from legitimate companies or authorities, such as banks or the police, who call to request personal information for various reasons. Often, vishing calls are made using pre-recorded calls.
Vishing particularly affects individuals, but companies are also affected through, for example, CEO fraud. This can be done through the use of deepfakes, which is when fraudsters, through voice-altering AI, mimic the voice of, for example, the boss of a company or other high-ranking employee. There have been examples of alleged CEOs making phone calls to employees to make urgent transfers of significant sums of money, when in fact it was simply fraudsters making the call through deepfakes, thereby deceiving the employee concerned.
The use of deepfakes makes vishing even more dangerous because it is very difficult to detect and therefore almost impossible to defend against.
Number of cases on the rise
According to the report by NCIK and The Danish Consumer Council, elderly citizens in particular were defrauded or attempted to be defrauded of over DKK 56 million in 2022 alone. This corresponded to a 38% increase in the number of vishing reports compared to the previous year.
Older citizens in society have a weakened digital defence and at the same time a high trust in authorities, which makes them easy victims in the eyes of criminals.
The Centre stresses that in addition to having huge financial consequences for individuals, vishing can also be a highly unpleasant experience. They also report that in some cases during the year, individual citizens have been defrauded of several million DKK.
This typically involves being called by a fraudster pretending to be from their bank, on the pretext that their account is insecure, at risk or perhaps already being defrauded. The victim may then be asked to transfer the money from one account to another so-called "safe" account, which the fraudsters then control.
Transition from NemID to MitID
Fraudsters particularly exploited the transition from NemID to MitID in Denmark for scams. This has been done, for example, by impersonating public authorities in calls or emails to citizens.
Again, older people were particularly at risk because they are less experienced in digital transitions.
The fraud often involved fraudsters impersonating banks or police, who called to persuade the victim to transfer money to a so-called security account. And because the transfer was made by the victim themselves and not via hacking, it was manipulation that made this type of fraud successful.
It could also be done by fraudsters pretending to be from the Citizens' Service or the Agency for Digital Government, who wanted to help the victim with the digital transition. This could lead to the victim being tricked into providing enough sensitive data, which the fraudster could then use to create a new MitID device in the victim's name.
Since the deadline for switching to MitID, the number of fraud cases has dropped slightly, which suggests that this played a role in fraud attempts last year.
Why vishing is particularly dangerous
Through vishing, fraudsters usually manage to manipulate victims enough to make the transfers themselves or to provide sensitive information.
And the very fact that the victim has made the transfer or provided the information means that there is little help available from the bank, the police or any insurance company.
However, if the payment was not made by the victim, the bank is obliged to refund the money. However, according to the Danish Consumer Council, there may be a deductible of up to DKK 8,000 in the event that you have given a code to a fraudster yourself, for example.
What you can do
As mentioned, it can be extremely difficult to detect and see through whether you are being targeted by a vishing attempt. But the following tips can help protect you from being scammed over the phone - whether you're an individual or a company employee:
- Never give out sensitive information over the phone including NemID/MitID, social security number, passwords, bank details etc. - and remember that authorities, banks and other companies will never ask for your passwords, PINs, confirmation codes or your card number, etc.
- Slow down to let your critical mind wander and ask yourself if it is really true that the bank, for example, calls and asks for this kind of information.
- Find the phone number of the person or institution who claimed to be calling you on their official website and call them to confirm or deny that they were the one who tried to call earlier.
- Hang up if you suspect you are being scammed. You don't have to be polite.
Emilie Hartmann is a student and copywriter at Moxso, where she is a language nerd and always on the lookout for new and exciting topics to write about. She is currently doing her Master's in English, where she is primarily working in the fields of Creative Writing and Digital Humanities.