Cybercriminals are constantly evolving their tactics to exploit information systems and personal data. Recently, AT&T experienced a significant data breach that exposed personal information of millions of customers. Cybercriminals may use this information to conduct targeted phone scams, vishing, phishing and smishing, including the use of AI-generated voices to appear more convincing. Below is a breakdown of the tactics and how to protect yourself from cybercriminals.
Modern Methods
- Phone Scams/Vishing: Phone scams and vishing are fraudulent calls made to deceive individuals into disclosing sensitive information or making financial transactions. Cybercriminals use Voice over Internet Protocol (VoIP) technology to disguise their identity and make calls appear legitimate. Scammers often impersonate reputable organizations, including banks, government agencies, or even internal company departments.
- Smishing: Smishing is a type of phishing attack conducted via SMS or text messages. Smishing messages often contain malicious links or requests for personal information and may appear to come from trusted sources like banks or service providers. It is important to check a company’s official website, or to call them directly after receiving any suspicious text message.
- AI-Generated Voices: Advances in artificial intelligence have enabled cybercriminals to create highly realistic voice simulations. These AI-generated voices can mimic the tone, pitch and speech patterns of real individuals, making vishing attacks even more convincing. These sophisticated attacks may impersonate company executives, colleagues, or trusted external contacts. If a call seems out of the ordinary, even if it sounds like the person you are expecting, try making an excuse to require you to call back the person directly to ensure the identification of the individual.
Recognizing Common Tactics
- Urgency and Threats: Scammers create a sense of urgency, claiming immediate action is required to avoid negative consequences. For example, you need to pay this bill now or an essential service will no longer be available.
- Spoofed Caller IDs, Email Addresses, SMS Senders, and Voices: Cybercriminals can manipulate caller IDs, email addresses, SMS sender information, and even voices to make their messages appear legitimate. Do not inherently trust an SMS message or phone call just because the caller ID says that it is the person who you are expecting.
- Unusual Requests: Be wary of unexpected requests for sensitive information or financial transactions, even if they seem to come from a known contact. Scammers will often create a story on how they made a mistake, and they need your help to assist them in fixing a problem.
Protective Measures
- Always verify the identity of the caller, sender or voice. If in doubt, contact the organization or individual directly using a known and trusted contact method.
- Never disclose personal or company-sensitive information over the phone, email, SMS or voice communication unless you are certain of the recipient’s identity and legitimacy.
- Immediately report any suspicious calls, emails, messages or voice communications to VUMC Enterprise Cybersecurity (VEC).
- Stay informed about the latest scam tactics, vishing techniques, phishing methods, smishing strategies and AI-generated voice technologies. This does not require technical expertise, as staying up to date with current major news stories will often cover major cyber security trends.
Our collective vigilance is essential in safeguarding our organization and patients against consequences resulting from phone scams, vishing, phishing, smishing and AI-generated voice attacks. By staying informed, following best practices and reporting suspicious activities, we can significantly reduce our risk and be able to emphasize our dedication towards our patients and community. If you experience issues, contact the VUMC IT Help Desk at 615-343-HELP (4357) or email phishing@vumc.org.