The effect of vishing on small businesses

The growth of digital tools has allowed thousands of small businesses to scale up at a relatively low cost. The development of cloud-based solutions, in particular, has proved a game-changer for those looking to find new markets without taking on unnecessary costs. But with that growth has come more vulnerability, as cyber crime continues to threaten smaller businesses in particular.

However, despite the increased range and sophistication of cyber attacks and scams, there are some tricks that remain quaintly old-fashioned – and effective. Vishing is perhaps the perfect example of this.  

Defined as “The fraudulent practice of making phone calls or leaving voice messages purporting to be from reputable companies in order to induce individuals to reveal personal information, such as bank details and credit card numbers,” vishing has been around for decades.  

There is a perception among some that scams like vishing disappeared with the fax machine, but it still affects businesses, with SMEs generally more vulnerable than larger companies. 

In fact, vishing has been around longer than phishing – people have been trying scams over the phone for decades, but it’s found a new lease of life in the last few years as cyber protection tools have become more effective and affordable. And there’s no technological silver bullet: defending against vishing comes down to good hygiene and solid procedures.

So what does a typical vishing attack look – or sound – like? One typical scam might involve a call from ‘Microsoft support’, where a caller rings with the news that your computer has a virus. If the person taking the call falls for it, they will be walked through a process of revealing sensitive information that can be used to steal funds or shut down systems in return for a payment.

Scams like these use classic social engineering tricks to get information – like an account access code – by convincing you that the caller is real. Listing the scams is an exhaustive process, but there are some basic good housekeeping rules that can help protect your business.

  1. Check your permissions: Make sure the rules on your system give each employee the right level of permission. For instance, don’t just give junior staff the ability to change bank details without a second authorization.

It’s not unusual for smaller businesses to have a system where ‘everyone can do everything’, and that’s where a junior employee can end up changing things on the system without the financial controller even being aware of it.

  2. Get social: Scammers are increasingly turning to social media to glean information about companies and their staff. Get a name and job title and it’s a short step to getting a phone number and calling up with a vishing scam.

You should ask staff to be circumspect about the information they make public on their profiles. It might also help to make key staff aware they’re more likely to be a target, particularly if they work in finance.

  3. Put a name to the face: Try to make sure you have a named contact at every supplier – not just the company name. So when dealing with a supplier, make sure you know who handles accounts: that way you can form a personal relationship. Any call about an invoice or a change in bank details should, therefore, be from your named contact.

Protecting yourself doesn’t have to cost thousands. Good housekeeping and effective systems require buy-in from everyone and – where necessary – getting the right external help.
