Vishing is a type of phishing scam that takes place over the phone. It attempts to con individuals into surrendering personal information such as passwords, card details and PINs, which can be used for identity theft.
How does vishing work?
In vishing scams, fraudsters use social engineering techniques to obtain victims’ information. Posing as someone from a trusted organisation, such as a bank, they will create a sense of urgency, pressuring the recipient into giving up their details before they have a chance to think about what they are doing.
Your organisation’s HR manager receives a phone call from someone claiming to be from the bank. The HR manager is informed that a data breach may have exposed her personal information and is asked to give her username and password to access the company account so that it can be checked. Thinking the call is legitimate, the HR manager gives the caller all the details.
In this scenario, the caller tries to panic the HR manager with news of a data breach.
How to avoid vishing in your organisation
It can be very difficult to spot a vishing attempt. It’s important to remember not to give out any information about yourself in response to an unsolicited phone call, no matter how harmless it seems.
If you do fall victim, you must take immediate steps to protect your information, such as changing your password(s), contacting your bank and checking your bank operations.
Reduce the chances that an employee will hand over confidential information or inadvertently infect your systems with our interactive e-learning course. It will help employees identify and understand phishing scams, including vishing, explains what could happen should they fall victim, and shows them how they can mitigate the threat of an attack.