Skip to main content
Vishing

Effective Vishing Training

By April 12, 2023No Comments

What would you say is the most effective form of cyberattack? Most of us are familiar with threats such as ransomware, which usually involves phishing emails. However, there is one cyberattack vector which is a rising threat, that is vishing or voice phishing. Vishing uses the telephone to elicit information from targets that could lead to network, personal, or financial compromise. Vishing has become the second largest vector (next to email phishing) that we see today. With just one phone call, an enterprise can suffer devastating consequences. This is why security awareness and training are vitally important for a company to protect their information and assets. Some may argue that a simulated vishing test does not effectively train employees to identify and respond to vishing threats. This could be based on how their test was performed. Let’s discuss some ways vishing simulations are performed, and which is the most effective.   

Effective Vishing Training

Robocalls

Some companies use robocalls to perform their vishing attacks simulations. These simulations feed a prerecorded call to specific phone numbers on a list. The automated voice asks the target to state their name and other sensitive information. Robocalls have become so common that most people hang up when they receive them. This form of testing, though inexpensive, does not provide an opportunity for the tested population to think critically and shut down the caller, thus it’s not the most effective method of testing.

Scripted Calls

Scripted vishing calls are exactly that-scripted. Some cybersecurity companies outsource their vishing to call centers. During this type of vishing test, the caller reads the pretext directly from a script. The call center employees that perform these calls are not professionally trained in social engineering techniques; therefore, they do not employ the same principles of influence that criminals use. This form of testing does not provide a true to life scenario where the tested party can follow their company’s verification procedure to attempt to verify the caller.  

Professionally Trained Vishers

Professionally trained vishers create tailored pretext to fit their client’s needs. While they stay within the boundaries of pre-approved pretexts, they are not tied to a script. They are able to adapt and overcome possible objections, as well as apply the same principles of influence as real attackers. This makes the simulated attacks very realistic and effective. Another benefit is that professional vishers adhere to the customized rules of engagement, making the testing safe and ethical. Humantohuman testing is one thing, but experttohuman makes the testing and training so much more effective. 

What Would You Choose?

If you had to train and test your employees on how to handle a vishing call, which choice would you go with? Robocalls? Impersonal scripted calls? Or expert professionals? 

As we have considered, the most effective method would be to choose a program that is realistic and that can thoroughly test employees. Where can you find professionally trained vishers? Is there even such a thing? Yes, there is. Social-Engineer LLC, has a team of professionals dedicated to vishing and  testing in an ethical yet effective way. Visit our website for a full description of the services we offer. At Social-Engineer LLC, our work is rooted in empathy. This allows us to think like the bad guys but never become them.  

Rosa Rowles

At Social Engineer LLC, our purpose is to bring education and awareness to all users of technology. For a detailed list of our services and how we can help you achieve your information/cybersecurity goals please visit: 

https://www.Social-Engineer.com/Managed-Services/ 

Image: https://blog.ultatel.com/how-answer-phone-calls-professionally/

Tags:

Security Assessment Case Study
Learn more about the importance of a Social Engineering Risk Assessment.
Download Now
Security Assessment Case Study
Learn more about the importance of a Social Engineering Risk Assessment.
Download Now
What Makes Us Different
At Social-Engineer, we pride ourselves on what we do and how we do it. We are a security services provider, focusing on four primary attack vectors. This case study will go through how we can protect your company and what makes us different.
Download Now
What Makes Us Different
At Social-Engineer, we pride ourselves on what we do and how we do it. We are a security services provider, focusing on four primary attack vectors. This case study will go through how we can protect your company and what makes us different.
Download Now
Woman vs Machine
Technology is providing new, more innovative ways to enhance our world. Scientists are constantly developing smarter, faster and more intelligent machines, systems and robots. There is no doubt that each of these has evolved beyond their clockwork origins.
Download Now
Woman vs Machine
Technology is providing new, more innovative ways to enhance our world. Scientists are constantly developing smarter, faster and more intelligent machines, systems and robots. There is no doubt that each of these has evolved beyond their clockwork origins.
Download Now
Vishing and Phishing Must Be Ongoing to Be Effective
Most companies have a security awareness program in one form or another. If they don’t, it should be on the short list of programs to start as soon as possible. In our experience, many of these programs take the form of computer-based training.
Download Now
Vishing and Phishing Must Be Ongoing to Be Effective
Most companies have a security awareness program in one form or another. If they don’t, it should be on the short list of programs to start as soon as possible. In our experience, many of these programs take the form of computer-based training.
Download Now
A Case Study in Vishing
Vishing (voice-based phishing) has been a problem for quite a long time. There are many vendors in the marketplace that offer vishing services. However they tend to use robo-callers or call centers for large volume engagements. If they are using trained humans to make calls, it is likely in very low numbers.
Download Now
A Case Study in Vishing
Vishing (voice-based phishing) has been a problem for quite a long time. There are many vendors in the marketplace that offer vishing services. However they tend to use robo-callers or call centers for large volume engagements. If they are using trained humans to make calls, it is likely in very low numbers.
Download Now
Benefits of a Social-Engineering Risk Assessment Engagement
Your company is important. Indeed, the data you hold for your clients or employees is very valuable and attackers seek to capitalize on that data any way they can. This is where a Social Engineering Risk Assessment (SERA) engagement can help uncover possible vulnerability to attackers.
Download Now
Benefits of a Social-Engineering Risk Assessment Engagement
Your company is important. Indeed, the data you hold for your clients or employees is very valuable and attackers seek to capitalize on that data any way they can. This is where a Social Engineering Risk Assessment (SERA) engagement can help uncover possible vulnerability to attackers.
Download Now
The Business Value of the Social-Engineer Phishing Service
Cybercriminals are targeting the human element of organizations. Additionally, they are developing techniques to use an organization’s employees as the first point of entry. According to the 2021 Verizon DBIR report, of the 3,841 security breaches reported using social engineering, phishing was the key vector for over 80% of them.
Download Now
The Business Value of the Social-Engineer Phishing Service
Cybercriminals are targeting the human element of organizations. Additionally, they are developing techniques to use an organization’s employees as the first point of entry. According to the 2021 Verizon DBIR report, of the 3,841 security breaches reported using social engineering, phishing was the key vector for over 80% of them.
Download Now