How to Protect Against Low-Tech Cybersecurity Threats
Banc of California
Sophisticated scams may dominate headlines, but most cybercrime is far more mundane.
Small businesses are often hit the hardest, accounting for 43% of attacks. Yet only 14% of small and medium-sized businesses are fully protected against low-tech cybersecurity threats, which are expected to cost $5.2 trillion globally.
These so-called “old-fashioned” scams can catch even the savviest of business owners. Tactics such as fake invoices, callback tricks, social engineering and vishing remain alarmingly effective, especially as they often exploit human behavior rather than software vulnerabilities.
Vishing (voice phishing), in particular, is a growing concern, with one report suggesting that 70% of businesses are vulnerable to these attacks. So, how can businesses protect themselves from vishing, and what should you do if you suspect you’re being targeted? We’ll explore these questions below.
What Are Vishing Scams?
Vishing is a form of phone impersonation fraud in which scammers impersonate banks, government organizations, vendors or executives over the phone. Their goal is to trick victims into providing sensitive information, such as:
- Account details
- Business and personal credentials
- Passwords
They may also use psychological tactics, like fear or urgency, to pressure victims into approving fraudulent transactions, including:
- Checks
- Fake invoices
- Wire transfers
This kind of scam can take many forms, but it often follows a familiar script.
You might answer the phone, and the caller says they’re from your bank’s fraud team. Their tone is calm, almost friendly, as they explain there’s been a strange payment you don’t remember authorizing. To “fix” the issue, they ask for your account number and PIN, and because they already know your name and some details about your account, the request feels far too believable. But, unfortunately, the call isn’t genuine, and your information is now in the hands of a scammer.
As a reminder, Banc of California will never contact you via text, email or phone to request your password or other sensitive information.
In another common example, the caller claims to be from a tech support team. They tell you your computer has been infected with a serious virus and offer to fix it remotely. All you need to do is grant them access and share a few login credentials or payment details. Once inside, they can steal data, install spyware and lock you out of your own systems.
Other Common Low-Tech Cybersecurity Scams Targeting Businesses
Vishing may be the most common low-tech threat, but it’s not the only scam businesses need to watch out for.
Invoice Fraud
Invoice scams often slip through the cracks when teams are overwhelmed or distracted. A fake invoice might land in your inbox. It looks legitimate, matches a supplier you’ve worked with and arrives at just the right time. But the bank details have been changed, so the money goes straight to the scammer.
Business Email Compromise (BEC)
This type of scam involves highly convincing spoofed emails that appear to come from senior executives or trusted vendors. The goal is usually to pressure an employee into making a wire transfer to a fraudulent account, often under the guise of an urgent or confidential request. BEC continues to be one of the most financially damaging types of cybercrime. In 2024 alone, it caused over $2.77 billion in losses across 21,442 reported incidents in the U.S.
Social Engineering Scams
These cons rely on psychological manipulation rather than technical hacking. The scammer might pose as a trusted vendor chasing an overdue invoice or a colleague who needs a password urgently. The aim is to spark just enough fear or pressure that you bypass the normal security checks.
How to Identify Vishing and Social Engineering
Recognizing these warning signs can help businesses and individuals avoid falling victim:
- You receive an urgent request via email or phone, asking you to disclose sensitive data.
- The caller states they’re from your bank and insists you need to act fast.
- Your phone shows an unfamiliar number, yet the caller claims to be associated with your bank, a vendor or a colleague you know.
- The caller refuses to offer callback information or verifiable details.
- The caller adopts pressure tactics or threats if you delay—for example, telling you that if you don’t give them your account details, they won’t be able to help you protect your money further down the line.
If you notice any of these red flags, treat the communication as suspicious and end the conversation immediately.
How to Protect Against Vishing and Other Scams
Spotting these scam signs is the first step; the next is putting safeguards in place so your business is less vulnerable to these types of attacks:
- Verify before acting: Pause and check the legitimacy of invoices and payment requests before sending funds. If something feels off, don’t share any information and make a note of the details.
- Use trusted channels: Hang up or ignore the email and call back using a verified number from the organization’s official website or your records, not the one provided by the potential scammer.
- Require approvals: Implement steps to verify payment or phone requests, such as dual sign-off for wire transfers or any changes to payment details.
- Train your team: Make scam awareness part of your company’s onboarding process and provide regular refreshers to help staff spot vishing and social engineering tactics.
- Enable account alerts: Turn on features like spending limits and notifications for unusual transactions, so you can quickly spot suspicious activity.
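The verification, trusted-channel and dual sign-off steps above can be enforced as a check that runs before any payment is released. The following Python is an added example, not Banc of California code; the vendor record, field names, account strings and the 10,000 threshold are constructed assumptions.

```python
from dataclasses import dataclass, field

# Constructed vendor master record: the "verified number from your records".
VENDORS = {
    "ACME-001": {"bank_account": "021000021-7788", "phone_on_record": "+1-555-0100"},
}
DUAL_SIGNOFF_THRESHOLD = 10_000  # assumed policy value, not from the article


@dataclass
class PaymentRequest:
    vendor_id: str
    bank_account: str          # account printed on the invoice or given by phone
    amount: float
    callback_number: str = ""  # number staff actually dialed to confirm
    callback_confirmed: bool = False
    approvers: set = field(default_factory=set)  # distinct people who signed off


def review(req: PaymentRequest) -> list:
    """Return the reasons to hold a payment; an empty list means release."""
    vendor = VENDORS.get(req.vendor_id)
    if vendor is None:
        return ["unknown vendor"]
    holds = []
    changed = req.bank_account != vendor["bank_account"]
    # A callback only counts if it went to the number already on file,
    # never to a number supplied in the request itself.
    trusted = req.callback_confirmed and req.callback_number == vendor["phone_on_record"]
    if changed and not trusted:
        holds.append("bank details changed; not confirmed via number on record")
    if (changed or req.amount >= DUAL_SIGNOFF_THRESHOLD) and len(req.approvers) < 2:
        holds.append("dual sign-off required")
    return holds


if __name__ == "__main__":
    # Constructed fake invoice: new account, "confirmed" on the caller's own number.
    fake = PaymentRequest("ACME-001", "026009593-1234", 4_800,
                          callback_number="+1-555-0199", callback_confirmed=True,
                          approvers={"alice"})
    print(review(fake))
```

A request whose bank details match the record and whose amount is under the threshold passes with no holds, so routine payments are not slowed down.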
What to Do If You Suspect Vishing or Other Scams
If you suspect you’ve been targeted by a vishing scam, it’s essential to act quickly.
- Stop all communications: As soon as you confirm it’s a scam, stop all further interactions. Do not respond to or forward suspicious emails, messages or calls.
- Contact your relationship manager: Notify your relationship manager at your bank or financial institution to get immediate support and implement protective measures.
- Secure your accounts: If you’ve interacted with a fraudulent message or clicked links, change your passwords and review account settings. Make sure to enable security features like two-factor authentication.
Essential Contacts
- Banc of California Client Support: Contact your relationship manager immediately if the fraudulent activity involves your account or any Banc of California services. They will provide immediate support and initiate protective measures to safeguard your assets and personal information. For any concerns or to report suspicious activities, call 877-770-BANC (2262) or email ClientCareCenter@bancofcal.com.
- FBI Internet Crime Complaint Center: For crimes involving cyberfraud, file a report at ic3.gov or via its CyWatch 24/7 Operation at 855-292-3937.
Old Scams, New Consequences
Low-tech scams like vishing may not make the headlines in the same way as AI-driven fraud, but their consequences are real and costly. The best defense is to stay alert and act quickly when something feels wrong. Explore more cybersecurity and fraud prevention articles on our Business Insights page for detailed tips on recognizing and avoiding common scams.