Last updated on November 28, 2022

“Vishing attacks have increased significantly with more employees working from home”
News alert (www.techradar.com)

Vishing derives from ‘voice’ plus ‘phishing’.

Phishing is a notorious way of deceiving people through emails, regular phone calls or fake websites in order to steal their confidential personal information.

Vishers, the people who carry out vishing, deceive their targets by calling them over an internet telephone service (VoIP). Simply put, vishing is the phone version of email phishing.

Both phishing and vishing are types of social engineering.

Just as in phishing, vishing relies on emotional manipulation: tactics that scare people or create a sense of urgency. Vishers even create fake Caller ID profiles (known as ‘Caller ID spoofing’) so that their phone numbers look legitimate. When a call comes from a familiar number or a fixed line, people rarely see a reason to reject it.

Vishing aims at stealing your money, your identity or both. Vishers achieve their goals even more easily when the employees of an organization work from home and are not physically next to each other. This remoteness helps vishers approach employees who work from home, claiming to be from the company’s IT division and to be troubleshooting a problem with the company’s VPN or a similar issue.

During these voice calls, vishers attempt to get you to reveal your user credentials (user name and password), most probably by directing you to a website that looks exactly like the organization’s real website. ZeroFox’s Director of Threat Intelligence, Zack Allen, says that vishers constantly target new hires, even creating fake LinkedIn profiles to make the approach seem genuine.

Often two cybercriminals work together in a vishing effort. While one visher is on the call, the other simultaneously tries to log into the targeted organization’s VPN using the information the victim provides. Even if they fail initially, the information gathered can be refined and put to use in their next attempt.

Social engineers consider vishing a highly effective tool because the targeted person has no time to think rationally about the situation while on the phone. Sometimes the attackers do not encourage their targets to ask questions before they have obtained the information they need. Vishers are also good at confusing their targets, either by convincing them that action has to be taken immediately or by frightening them. The attacks may be aimed at all employees or specifically at staff who deal with people outside the organization.

The advice is that you must never reveal your credentials via email or over the phone to anybody, not even to your organization’s IT division, which should normally possess them.

References:
https://fraudwatchinternational.com/vishing/what-is-vishing/
https://www.techradar.com/news/new-wave-of-voice-phishing-attacks-targets-vpn-credentials
https://www.knowbe4.com/vishing