Avoid vishing scams as a law firm

FBI: Vishing Is on the Rise

As if the 2021 season premiere weren’t already quite the head-turner, Bleeping Computer reported that the FBI issued a warning about an increase in a type of scam known as vishing. Vishing poses a real threat to law firms regardless of their size and regardless of whether they continue to operate from home during the pandemic. What is vishing? Does it differ from phishing? Can you do anything to prevent vishing in your law firm?

What Is Vishing? 

Vishing is yet another form of phishing. It is known as voice phishing. The FBI defines it as scams that occur over the phone, through “voice email,” or over VOIP calls. If you were a teenager during the 90s, you may recall this concept as something a few of us knew as “social engineering.” Phone calls were made to obtain specific information about corporate entities so that either the entity itself or someone from the entity could then be impersonated.

Vishing is, in its base form, a type of identity theft. The information vishers covet most is credit card, debit card, and checking account information: essentially, any information that can help the scammer access your money or your law firm’s money.


How Does Vishing Differ from Phishing? 

Vishing is a form of phishing. The difference is in how it takes place. Vishing is short for “voice phishing.” Someone reaches out to you or your law firm using a voice method. A vishing scam may involve calling your main line, your cell phone, or your VOIP. They may even leave you, your receptionist, or your virtual assistant a voice mail. It may involve some other method that is essentially voice contact. Think about the last time you received that annoying phone call “warning” you about how your “car warranty is set to expire.” Maybe it was a recording or maybe it was a real person. Maybe you or someone you know received a phone call from the “IRS.” (Pro tip: the IRS never calls. They only contact you through the mail.) Maybe you or someone you know received a phone call from the “sheriff’s department” threatening “arrest” if you didn’t pay a ticket or warrant over the phone. Those are attempts at vishing. They want your credit card, debit card, or bank account information.

Phishing, as we’ve discussed here on LawDroid, takes place most often via email. It can be quite obvious or it can be difficult to spot. Some phishing attempts that you may get through email have misspellings or may come from that fabled long-lost prince of Nigeria who wants to give you millions of dollars if only you will wire him some money first to cover some basic expenses. For businesses, a phishing attempt may still look like that or it could be less obvious. It could appear as a hold on a credit card, debit card, or bank account. It could look like an email from Amazon, Hulu, GoDaddy, or even a social media provider.

You must learn to scrutinize emails before clicking on links. This includes looking for misspellings, hovering over links before clicking and looking down near the bottom of the screen to see the link address, and clicking the tiny down arrow at the top of the email near the “To” and “From” fields to reveal the actual information about the sender.

When in doubt, always contact the actual provider if you do business with them. For example, if you get an email that appears to be from your credit card company about a hold on your account and the email wants you to “click here to enter your password” to resolve it, do not click the link. Call the company and ask to speak with the fraud department instead. Generally, the fraud department can tell you if there really is a hold on your account. If there is, they can take care of it. If there isn’t, they will give you an email address to forward that email to so that they can look further into the phishing matter. By calling the credit card company, you may protect yourself from identity theft.


How to Prevent Vishing in Your Law Firm 

To prevent vishing at your law firm, explain to your staff what vishing is and when it is and isn’t okay to reveal sensitive law firm information and financial information. When in doubt about a caller, always take the name, title, and phone number of the person requesting sensitive information so that you can call them back. If they state that the matter must be handled at that very moment, this should be a red flag, especially when financial information is concerned. Once you have their information, contact the company directly to inquire about the matter’s legitimacy. Remember that the IRS will never call your law firm, even if you are behind on your taxes. They will only contact you by mail.

Do not give client information to anyone who calls. Remember that attorney-client privilege is sacred. Even third parties who pay for legal services for others are not necessarily entitled to information about the case at hand.

If anyone calls you claiming they are from your bank, credit card company, or other financial institution and asks you to give them sensitive information such as your PIN, end the call. Do not ever provide sensitive financial information to someone who phones your law office. Instead, note the phone number if it shows up on your caller ID as well as the name of the person who called. Call your bank immediately and report the vishing scam attempt. Stay safe!
