Don't Neglect the Threat of Vishing

People need to help raise awareness about voice phishing scams, or vishing, according to Paul Ducklin at Naked Security. While phone scams have been around for years, they remain effective and people continue to fall for them. Someone who would be suspicious of an unexpected email might be more trusting when there’s a human voice at the other end of the line.

“Never let yourself get suckered, surprised, or seduced into taking any direct action on the basis of a phone call you weren’t expecting from a person whose voice you don’t recognise with certainty,” Ducklin writes. “It doesn’t matter where the call claims to originate. Anyone can say they are from your bank, a hospital, the tax agency, a coronavirus track-and-trace service, the local police station, or the lottery company. Whether the caller is giving you bad news or good, you have no way of verifying anything that’s said to you from information offered up in the call itself.”

Ducklin adds that when you receive an unsolicited phone call from someone asking for information or trying to get you to do something, you should hang up and call the organization that the caller claimed to work for.

“Whether you are worried about a fraudulent transaction, scared about a tax problem, or excited about what could be a lottery win, here’s what to do: find a number to call back by yourself, using contact information you already have on record,” Ducklin says. “Your last tax return should have a tax office contact number on it; your credit card should have a fraud reporting number on the back; most hospitals have a central contact number that can be double-checked online; and so on. Never rely on information read out to you in a call, or sent in an email, or delivered via SMS, as a way of deciding whether to believe the message or the call.”

New-school security awareness training can teach your employees about social engineering techniques so they can avoid falling for these tricks.

Naked Security has the story.

Free Phishing Security Test

Would your users fall for convincing phishing attacks? Take the first step now and find out before bad actors do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

Here's how it works:

  • Immediately start your test for up to 100 users (no need to talk to anyone)
  • Select from 20+ languages and customize the phishing test template based on your environment
  • Choose the landing page your users see after they click
  • Show users which red flags they missed, or a 404 page
  • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
  • See how your organization compares to others in your industry
