A Tale of the Three *ishings: Part 3 – What is Vishing?

Over the past two decades, the security industry has made significant strides in using technology to secure technological assets. However, the human factor in cybersecurity often remains overlooked. Consequently, cyber attackers have shifted their focus from targeting technology to targeting people. Among the various methods they employ, the three most common are phishing, smishing, and vishing. This blog series delves into these methods, the tactics and techniques used by cyber attackers, and how you can protect yourself.


What is Vishing?

Vishing, short for voice phishing, involves cyber criminals making phone calls to deceive individuals. Unlike phishing, which uses emails, vishing relies on phone calls or voicemail messages to trick people into revealing sensitive information, such as passwords or credit card details.

The rise in random voicemails and phone calls asking for passwords or payments is due to the difficulty organizations face in securing personal mobile devices. Security teams often lack the visibility and control over personal phones that they have over workstations, making mobile devices a vulnerable target.

Vishing attacks are challenging to identify and filter. As a result, when a cyber attacker calls a potential victim, the call is more likely to reach its target. Over the phone, attackers can create a sense of urgency and trust that is harder to achieve through email or text, making these attacks more effective and profitable.


Common Vishing Attacks

Vishing attacks come in various forms, but here are the most prevalent types:

1. Tech Support Calls Cyber attackers impersonate IT support, calling individuals and requesting their passwords to “reset” accounts. These attackers sound convincing and aim to manipulate victims into divulging sensitive information.

2. Government Agency Calls Attackers pose as government officials, claiming that the victim owes taxes and must pay immediately to avoid jail time. Their goal is to obtain credit card details and money.

3. Tech Support Callbacks Instead of making the initial call, attackers trick victims into calling them. This approach bypasses phone call filters and builds inherent trust, increasing the likelihood of success. They may send texts or emails prompting the victim to call a provided number, leading to the theft of information like PayPal passwords.

4. Automated Calls Automated calls, or robocalls, deliver messages about expired warranties, approved refunds, undelivered packages, or suspicious charges. These broad attacks target millions, akin to generic phishing emails.



Protecting Against Vishing Attacks

Despite the focus on phishing in many security training programs, voice-based vishing attacks require equal attention. Employees well-versed in email-based threats might overlook voice-based ones. Rather than detailing every vishing tactic, training should emphasize recognizing common indicators of vishing attacks, applicable to both vishing and other phishing methods.


Key Indicators of Vishing Attacks:

  • Urgency: Calls that create a sense of urgency, pressuring victims to act quickly and make mistakes. For instance, the government will never call about overdue taxes; they send official documents by mail.
  • Pressure: Calls that pressure individuals to bypass company policies, such as someone pretending to be IT support demanding a password.
  • Curiosity: Calls that pique curiosity or sound too good to be true, like messages about undelivered packages or unexpected refunds.
  • Tone: Calls that sound off, with the caller’s words or tone not matching those of a genuine coworker or friend.

Vishing is becoming a favored attack method due to its simplicity and effectiveness. By educating your workforce about vishing and its common indicators, you can significantly reduce the risk of falling victim to such attacks.


Source: https://www.sans.org/blog/a-tale-of-the-three-ishings-part-3-what-is-vishing/


About DT Asia

DT Asia began in 2007 with a clear mission to build the market entry for various pioneering IT security solutions from the US, Europe and Israel.

Today, DT Asia is a regional, value-added distributor of cybersecurity solutions providing cutting-edge technologies to key government organisations and top private sector clients including global banks and Fortune 500 companies. We have offices and partners around the Asia Pacific to better understand the markets and deliver localised solutions.

Related Articles

Crucial backup strategies to defend against ransomware attacks

Ransomware payouts are trending upward once again. According to Chainalysis, a cryptocurrency tracing firm, 2021 saw ransomware payments reach nearly $1 billion—a record high. While there was a decline in 2022, the trend reversed in 2023, with estimated payouts approaching $900 million. This increase in ransomware activity can be attributed to the intensified operations of […]

API monetization models: Strategies to leverage APIs for greater revenue

API monetization models showcase strategies and tactics for using APIs to generate revenue, impacting the bottom line both directly and indirectly. In this blog, we’ll define API monetization, explore different monetization models, and delve into a classic case study. Additionally, we’ll discuss various use cases and steps to consider when designing your API strategy for […]

syslog-ng Store Box Splunk/HEC and Sentinel destinations

The syslog-ng Store Box (SSB) appliance is built on syslog-ng Premium Edition (PE). SSB inherits most of syslog-ng PE’s features and makes them available with an easy-to-use graphical user interface. One of the typical use cases for SSB (and syslog-ng PE) is optimizing the logging infrastructure for SIEM / log analysis. Two recently introduced SSB […]

Taiwan CyberSec event

Reflecting on an incredible experience at the Taiwan CyberSec event! 🌟 Engaging discussions, groundbreaking insights, and invaluable connections made this event unforgettable. Thank you to all the participants, speakers, and organizers for contributing to this dynamic exchange of ideas. Let's continue working together to enhance cybersecurity worldwide! #DTAsia

ThriveDX: Meet-and-Greet with Partners in Jakarta

ThriveDX organised a Meet-and-Greet session at Kedai Kopi Tenong in Jakarta, together with PT Mega Cyber Security on September 5th. Thank you to the partners who attended the event: PT Alumagubi Raya Indonesia – Franky Yap, Robby Hartana Docotel – Nico Amon, Yudis Tuasamu PT Global Intikarya Sejahtera (GIS) – Ronald Romein, Lhesli Wuisang Nusantara […]

Contact DT Asia Group Hong Kong

Address: Unit 929, Kowloon Bay Industrial Centre,
15 Wang Hoi Road, Kowloon Bay, Hong Kong
Tel: +852 58010001

Like Our Facebook Page :)