Vishing, also known as “voice phishing” or “phone phishing”, is a type of social engineering scam where an attacker uses a phone call or voice message to trick their victim into divulging sensitive information or performing an action that can harm them or their organisation. This is an increasingly prevalent scam that individuals and businesses need to be aware of to stay safe.
The increasingly widespread use of AI or Artificial Intelligence has caused a spike in these attacks, with cybercriminals now able to use AI to clone individual’s voices from answerphone messages or other conversations, and then make their attacks even more believable.
Vishing attacks can take many forms, but they often start with a phone call or message from someone pretending to be a representative of a trusted organisation such as a bank or a well-known company. This individual then uses various tactics to convince the victim to reveal confidential information such as credit card numbers, login credentials, or other personally identifiable information.
What to watch out for
- Urgency or time pressure: The vishing attacker may claim that the victim’s account has been compromised or that there is an urgent need for them to verify their account or provide information.
- Fear or intimidation: The attacker may use threats or intimidation to pressure the victim into revealing sensitive information.
- False sense of security: They may pretend to be calling from a legitimate source, such as the victim’s bank, to provide a false sense of security and convince them to provide sensitive information.
- Spoofing: Spoofing lets the attacker disguise their phone number to appear as if they’re calling from a different location or company. This can make it difficult for the victim to determine if the call is legitimate.
Vishing attacks can have severe consequences, such as identity theft, financial loss, or compromised devices and data. Luckily, there are some defences that individuals and companies can use to protect themselves from vishing scams.
How to protect yourself
- Beware of unsolicited calls: If you receive an unsolicited call, be vigilant and question the caller’s identity and motive.
- Verify the caller’s identity: If the call is regarding your financial information or security credentials, ask the caller to provide their name, the company they’re calling from, and their contact information. Once you have this information, verify it by calling the company’s customer service directly or checking for the company’s contact information on their official website.
- Educate yourself and others: It’s important to educate yourself and others about vishing scams and what measures to take to avoid them.
Remember, never disclose any sensitive information over the phone unless you’re confident about the identity of the caller. By being aware of vishing scams and how to avoid them, you can protect yourself and your organization from falling victim to these attacks.
How Boxphish can help
Unfortunately the different types of phishing attacks are constantly increasing, with vishing and smishing attacks now commonly used to try and catch us out. Cybercriminals are becoming more highly trained and that means that we need to do the same to remain protected.
Boxphish has the solution, offering bespoke cyber security training courses covering a wide range of topics designed to help you learn how to identify and avoid cyber-attacks.