Two trends are currently making waves in the cybersecurity landscape: Vishing attacks and AI. Vishing (or voice phishing) is on the rise, becoming increasingly sophisticated and harder to detect. One of the reasons for the increasing level of sophistication is the large amount of information available for cybercriminals to gather. Social media sites such as LinkedIn often provide attackers with the target company’s full organizational structure, including employee names, positions, work histories, and social connections. Information they then use to create credible and compelling pretexts. AI technology is making this research easier for attackers. For example, Large Language Model (LLM) such as GPT-3 can collect information from across the web, almost instantly. In addition, criminals are now leveraging generative AI to clone voices. They can now create convincing audio deepfakes to trick businesses and individuals into divulging confidential information.
MGM Resorts suffered a serious cyberattack expected to cost over $100,000,000, and it all started with a vishing call to the organization’s help desk. Using information scrupulously researched and collected from LinkedIn, attackers posed as an MGM Resorts employee. Established in their credible pretext, the attackers called MGM Resorts help desk asking for aid to access their account. After successfully gaining initial entry, they escalated their privileges and eventually got administrator rights, allowing them to deploy ransomware. This shows the dangers of vishing, even without the use of AI.
AI likely used to con Newfoundlanders out of $200K
CBC News reports that seniors in Newfoundland have been swindled out of over $200,000 in a sophisticated vishing scam. The Royal Newfoundland Constabulary investigating the vishing scams reported that each victim said their grandchild had called, saying they were in an accident, and that they needed money to either pay for bail or legal fees. In all four cases, the imposter knew some personal details about the actual grandchildren — like where they live and work, and the names of other family members. One of the victims, CBC News is calling John said, “It was so convincing. I know my granddaughter’s voice, and it was her.”
Are You a Call Away from a Security Breach?
How secure is your organization when an attacker calls your frontline staff or your help desk? A skilled attacker on the phone can manipulate your staff with the finesse of a seasoned con artist.
Test. Educate. Protect.
Don’t wait for the attack—be proactive and secure your business with our Managed Vishing Service. The experts at Social-Engineer are certified professionals trained to duplicate the tactics of real attackers, which means your team learns to deal with genuine threats.
Real-time Adaptation of Conversations: Unlike static scripts that can’t replicate an attacker’s mind, our social engineers pivot and adjust their strategies during the call, just like a real visher would.
Authentic Experience: Your employees will be exposed to realistic scenarios, equipping them with the most relevant defense strategies against actual vishing attacks.
No Scripts, No Robocalls: Each call is genuinely unique, offering a realistic training experience without the impersonal touch of robocalls or the predictability of script-driven staff. Attackers are human, they adapt, and so must your defenses.
Don’t wait for the lesson to come from a real attacker. Be proactive and secure your human firewall now. By training your employees with our innovative program, you will significantly reduce the risk of a successful vishing attack on your organization. Your employees will develop a keen eye for suspicious calls, fostering a culture of security and vigilance throughout their workplace. Contact us to fortify your defenses and secure your business with our cutting-edge Managed Vishing Service.