What Is a Vishing Attack, and What Does It Look Like?
Vishing attacks can take many forms, but the hallmark of vishing is unsolicited telephone calls to your employees. Usually, these phone calls pretend to be from a legitimate organization that your company may work with already. More sophisticated vishing attacks will spoof the caller ID as well. Some examples of vishing attacks include:
- The bank scam. In this vishing attack, someone calls a representative of your company, pretending to be from the bank that processes your payroll checks. The scammer then claims that something has gone wrong with the payments: perhaps there was an error or a data breach. In this scam, the scammer’s ultimate goal is to get your company’s banking information (which can include usernames, passwords, bank account numbers, and more).
- The IRS scam. We’ve all gotten those robocalls that claim to be from the IRS. Most of these vishing attacks aren’t very sophisticated, opting instead to contact as many people in as short a period of time as possible, but some of them do spoof legitimate IRS phone numbers on the recipient’s caller ID.
- Tech support. Vishing attacks can also impersonate your own company. This is particularly common in spear-phishing and whaling attacks. The scammer usually claims that some work needs to be done on an employee’s computer, and then directs the recipient to a fraudulent website, where they download malware that infects their computer, potentially compromising the entire network.
Companies that maintain inbound call centers are at particular risk from vishing attacks, as they handle a high volume of calls daily, and many of them have policies that prohibit workers from being the ones to hang up. If you run an inbound call center, make sure to establish user verification and train your call center’s employees on the threat that vishing poses to your company.
Examples of Real-Life Vishing Attacks
Vishing attacks can devastate even the largest companies. Here are just a few examples of how vishing has changed the landscape of companies that do business on the Internet.
- Perhaps the most famous vishing attack was against Twitter in 2020. This attack targeted 130 verified…