A new kind of Voice Phishing – “please say yes”


A new kind of Voice Phishing is circulating – the ‘can you hear me?’ phone scam has been reported in the US, UK, and Australia.


This is a little different to the traditional Vishing or Voice Phishing methods that directly attempt to steal account credentials and personal information.


In this scam the scammer records the victim’s voice. It begins with a call from a scammer impersonating a representative from a legitimate organisation that may be familiar to the recipient, like a bank or utility.


After the introduction, the scammer asks the recipient whether they can be heard clearly, and then records the consumer’s “yes” response in order to obtain a voice signature.


The intention, according to the US Federal Communications Commission, is to use this voice signature to later authorize fraudulent charges by telephone.


The caller may ask the question several times, to which most people on the other end would reply with ‘yes’. The scammer then records the ‘yes’ response and ends the call. That recording of the victim’s voice can then be used to authorize payments or charges in the victim’s name with voice recognition. Because it is the person’s own voice authorizing the transactions, it is hard to dispute them later if the victim claims to have been scammed.


Using recording technology, and potentially automating the system, may allow the criminals to target large volumes of end-user customers and steal their “yes” responses to the basic questions.


The level of threat does seem low, as over-the-phone transactions require further forms of verification or authentication. However, this does show a new kind of voice phishing and quite a novel way of exploiting the unsuspecting victim with some recording technology. As identity theft and related fraud are often a blended threat with multiple components, this “yes” recording may provide another piece of the puzzle for the criminal.
