Vishing: don’t get hooked during a call!
Phishing remains popular and comes in all shapes and sizes. Vishing, or Voice Phishing, is one of them. In this blog, you will discover what it is exactly and how to protect your organisation against it!
What is Voice Phishing (Vishing)?
Vishing is a type of social engineering in which attackers impersonate trusted sources through phone calls. They use manipulative tactics to extract your confidential information. This can include financial data, passwords, personal details, and even trade secrets. Using a cunning approach, they penetrate your organisation through a phone call.
How does Vishing work?
- Building trust: The attacker often starts by posing as a known person or organisation, such as a bank employee, an IT support officer, or even a colleague.
- Creating a sense of urgency: They can then create pressure, for instance by saying that suspicious activity has been observed on your account. This makes you more likely to take action.
- Requests for sensitive information: Next, they will ask for your confidential data, such as login details, PINs or credit card information.
How Vishing caused major damage
A phone call of barely 10 minutes was enough to bring casino giant MGM down completely. The organisation, with a total value of a whopping $33,900,000,000, fell victim to a large-scale cyber attack due to a simple human error.
Both the hacker group Scattered Spider and Alphv/Black Cat claimed responsibility for this devastating attack. The question of who the real culprit is remains unclear. As investigations continue, MGM is losing huge sums of money daily. This disconcerting event sheds a sharp light on the dangers of Vishing. It also highlights the crucial role of user awareness and protection.
How can you protect your business from Vishing?
- Training and awareness: Make sure your employees are aware of Vishing attacks and teach them how to recognise them. At Safe-Connect, we provide you with goal-oriented, targeted Cybersecurity Awareness Training!
- Two-step verification: Implement two-step verification for all corporate accounts. This provides an extra layer of security even if the login credentials are compromised.
- Introduce strict verification procedures: Ensure that strict procedures are in place for sharing sensitive information over the phone. Encourage employees to always verify who they are talking to.
- Use advanced security solutions: Finally, you can also invest in advanced cybersecurity solutions capable of identifying and blocking suspicious calls.
The better-known form of Phishing is via email. We previously wrote a blog on how to recognise Phishing emails!