In a vishing simulation, we call employees within your organization to extract sensitive information.
Why a vishing simulation?
Although e-mail phishing is still the most popular attack method of scammers, other forms of phishing are also increasing rapidly. After all, attackers evolve just as technology does. For example, today there is smishing, vishing and many other forms of threat. Are you aware of all these different variants? But perhaps more importantly, are your employees?
Telephone phishing, or vishing, is gaining in popularity. This form is often a lot more sophisticated and employees are less wary during a phone call.
How does vishing affect your organization?
A vishing simulation is an important tool to alert employees to any potential phishing. Perhaps an employee tells a caller what type of printer your company uses. Suddenly, a few days later, a technician shows up at the front desk to perform maintenance on the printer. If that technician then installs rogue software, print data can end up in the hands of criminals.
Another well-known example is a bank teller or CEO who calls asking you to make a payment. Through spoofing, criminals can at least make it appear that they are actually who they pretend to be. Through research on social media, a criminal can prepare tremendously well, making the call feel familiar.
In vishing, the purpose is not much different from other forms of phishing: to gather sensitive information. The goal in vishing is not necessarily to gain direct access to the information. Vishing is a form of social engineering in which information is gathered bit by bit. Eventually, this information is used for the end goal, the scam.
During the simulation, the phisher may try to obtain confidential information, such as login credentials, passwords or credit card information. Of course, the do’s and don’ts of the simulation are coordinated with you in advance.
Our goal with a vishing simulation is to create security awareness among your employees. As an organization, you want your employees to show long-term behavioral change and identify an attack early.
How does a vishing simulation work?
During a vishing simulation, we simulate, with you, a realistic scenario in which employees are approached by a “phisher” via a phone call. The phisher may pose as a colleague, a customer, an IT employee or another trusted entity to deceive the victim.
Upon completion of the vishing simulation, your organization will receive performance feedback and be instructed on the appropriate steps individuals within your organization should take to prevent phishing. This may include reporting suspicious calls to the IT department or following internal security procedures.
In addition to a vishing simulation, you can also choose a smishing simulation or phishing simulation. All of these forms are part of the subject of social engineering. Because humans are often the most vulnerable link within the organization, this is where most attention should be paid.
How does vishing work?
Vishing takes place over the telephone. Scammers phone in the name of an organization or person. With vishing, too, there is always a request for (sensitive) information or for an action to be taken. Using the information received, the scammer then completes the attack.
How do you recognize vishing?
Vishing can be recognized in much the same way as phishing. What you do need to watch out for with vishing is that scammers can spoof phone numbers.