What is Vishing?
Voice phishing, also known as vishing, is the practice of eliciting information or attempting to influence action via the telephone.(from hhs.gov site)
Recently, a large U.S. company fell victim to a cyber attack that leveraged sophisticated phishing techniques involving phone calls to gain access to the victim organization.
Phishing campaigns continue to be an effective way to gain unauthorized access to target networks by both cybercriminal and state-sponsored threat actors. According to security vendor Agari, the use of ‘hybrid vishing’ saw a massive 625% growth in Q2 2022. Hybrid vishing threats, also referred to as “callback phishing,” are multi-stage attacks that differ from traditional vishing by first interacting with the victim via email.
The key to a good defense of social engineering methods by the hackers and criminals is education and awareness.
A security policy is important in setting the tone – and the ongoing improvement of general security practices is important in setting the tone.
In this environment one has to also introduce the security awareness/ phishing training.