While not a new tactic, vishing presents cybercriminals with an attack method that’s perfectly aligned with the pandemic shifts to remote workforces.
I’ve talked about vishing attacks previously, as we’ve seen them as a precursor to phishing attacks as well as standalone attacks intent on stealing information from the victim on the other end of the call.
According to the FBI, there were 114K reported victims of phishing/vishing/smishing attacks in 2019 that incurred a total loss of over $57 million. And according to the Federal Trade Commission, 2020 has seen over 128,000 phone-based fraud scams that cost victims a whopping $108 Million.
With organizations running some or all of their workforce remotely, the taking of phone calls on personal devices, and getting calls from numbers that would normally be identified by an internal digital phone system gives scammers an opportunity to leverage phone calls as yet another medium by which fraud can take place.
The only way to protect against these phone-based attacks is effective Security Awareness Training that educates employees on these tactics, and why it’s critical now, more than ever, for them to have their guard up, wary of any unsolicited phone call, no matter how good the story sounds coming from the other end.