2024 Training Schedule Available
Bad actors are successfully using vishing, also known as voice phishing, to attack organizations and people. Experts in cybersecurity are seeing a growing trend, with criminals combining vishing with phishing, to increase the effectiveness of their attacks. In fact, the 2022 IBM Security X-Force Threat Intelligence Index reports that click rates for the average targeted phishing campaign increased around three-fold, from 18% to 53%, when phone phishing (vishing) was also used by threat actors. In addition, PhishLabs reports that hybrid vishing attacks initiated by email increased 554% from Q1.
At Social-Engineer, we define vishing as the practice of eliciting information or attempting to influence action via the telephone. When malicious actors call, they often employ social engineering tactics to trick their targets into giving away sensitive information.
Small business owners who applied for loans from the Small Business Administration found themselves in the crosshairs of a vishing attack. According to one report, months after applying for a loan, a business owner received a call. It was good news, the loan would go through. However, the business owner was to call back with information about their loan.
Clients of Morgan Stanley Wealth Management became the targets of an account takeover swindle. Using voice-phishing, or vishing, bad actors impersonated Morgan Stanley during phone calls to clients. The bad actors encouraged the targets to reveal personal and financial information including banking or login credentials.
Scammers targeted nighttime employees in Saskatoon retail stores by posing as callers from ‘corporate headquarters.’ As reported by CTV news, the scammers would tell them that a manager had authorized a shipment or payment to be paid by either gift card or Bitcoin. The scammers told the employees that ‘corporate headquarters’ would close the store if they did not make the payments.
Employee training and education is the best defense against vishing attacks. Including vishing as part of your security awareness programs is vital because it will help discover vulnerabilities in staff behavior. Take proactive steps now with the Social-Engineer Vishing Service. It is a fully-managed human approach–no robocalling.
For more information, please contact our team today.
In the rapidly evolving digital landscape, no entity is immune to the pervasive threat of cyberattacks. The security breach at MGM Resorts highlights the vulnerability of even massive organizations. As
SMiShing Attacks in the News In February 2024, 19.2 billion spam texts bombarded U.S citizens according to a recent report. As annoying as spam texts are, they are not always
