As cyber criminals become more sophisticated it is important to be aware of the different types of threats that can occur, and what action you can take to mitigate against this risk.
We’d like to remind you to never share your personal details over the phone and ensure that you take simple steps to avoid becoming the victim of a cyber-attack.
We have been alerted to the potential of vishing (voice phishing) attacks targeting students and therefore ask you to be aware of this issue, and cautious of phone calls to and from unrecognised numbers.
What is vishing?
Vishing is a form of phishing that involves voice communication. Vishing phone calls may be from a real person or be a pre-recorded robocall, where cyber criminals use voice tactics to trick victims into taking certain actions that put their personal data at risk. Such as sharing personal and financial details like bank account numbers and passwords.
Whilst vishing poses a threat, there are ways to guard against it, including:
· Never share your personal data. Never share passwords, log-in names, driver’s license or passport information over the phone. Avoid giving out sensitive information over the phone, especially if you aren’t able to originate the call.
· Listen to the language. Carefully listen to the caller and mentally flag if they’re using social engineering language that leverages fear or urgency, such as rushing you to take up a “once-in-a-lifetime opportunity”.
· Be suspicious of unsolicited phone calls. If you suspect that a call is a vishing attack, hang up immediately. Don’t answer their questions or press any buttons. Don’t try to confront them since scammers can record your response to gain access to voice-activated menus.
· Screen your calls carefully. If you don’t recognize a number, let it go to voicemail. Some scammers will “spoof” your caller ID into thinking their call is coming from a nearby location or a reputable source. If you want to reply to a voicemail, research the number first or seek out an official contact number or email and confirm any information they provided.
What can I do if I have been the victim of a vishing attack?
If you have been the victim of any type of cyber-attack including vishing, please log it as a cyber incident by opening a ServiceNow ticket with Digital Services, so it can be appropriately reported and managed by the Cyber Team.