Bad actors are successfully using vishing, also known as voice phishing, to attack organizations and people. Experts in cybersecurity are seeing a growing trend, with criminals combining vishing with phishing, to increase the effectiveness of their attacks. In fact, the 2022 IBM Security X-Force Threat Intelligence Index reports that click rates for the average targeted phishing campaign increased around three-fold, from 18% to 53%, when phone phishing (vishing) was also used by threat actors. In addition, PhishLabs reports that hybrid vishing attacks initiated by email increased 554% from Q1.
What is Vishing?
At Social-Engineer, we define vishing as the practice of eliciting information or attempting to influence action via the telephone. When malicious actors call, they often employ social engineering tactics to trick their targets into giving away sensitive information.
Social engineering news stories show how criminals are vishing for victims
Small business owners who applied for loans from the Small Business Administration found themselves in the crosshairs of a vishing attack. According to one report, months after applying for a loan, a business owner received a call. It was good news, the loan would go through. However, the business owner was to call back with information about their loan.
Clients of Morgan Stanley Wealth Management became the targets of an account takeover swindle. Using voice-phishing, or vishing, bad actors impersonated Morgan Stanley during phone calls to clients. The bad actors encouraged the targets to reveal personal and financial information including banking or login credentials.
Scammers targeted nighttime employees in Saskatoon retail stores by posing as callers from ‘corporate headquarters.’ As reported by CTV news, the scammers would tell them that a manager had authorized a shipment or payment to be paid by either gift card or Bitcoin. The scammers told the employees that ‘corporate headquarters’ would close the store if they did not make the payments.
Social-Engineer Vishing Service—Test, Educate and Protect
Employee training and education is the best defense against vishing attacks. Including vishing as part of your security awareness programs is vital because it will help discover vulnerabilities in staff behavior. Take proactive steps now with the Social-Engineer Vishing Service. It is a fully-managed human approach–no robocalling.
For more information, please contact our team today.
