Hello? Is That a Cybercriminal? A Look at Vishing Attacks

47% of organizations reported experiencing a vishing or social engineering attack in 2021 — let’s explore how artificial intelligence can catch your employees off guard and what you can do to avoid it.

Editor’s Note: This is a guest blog contribution from Keven Knight, Co-Founder and Chief Operating Officer (COO) at Talion. Knight shares his expert perspective on some of the ways cybercriminals are using vishing attacks to target organizations and what you can do to fight back.

With more than 3 billion domain spoofing (fake) emails sent worldwide every day, it’s no news that cybercriminals continue to rely on human intervention to access sensitive information and infiltrate networks. Social engineering banks on instinctual human traits and emotions to catch employees off guard when they least expect it, and it’s a tactic commonly used in voice phishing (vishing) attacks. Voice phishing is where cybercriminals use phone calls to trick or coerce targets into doing something they shouldn’t.

But why move from email to the phone? It may seem counter-intuitive — surely, you would know who is on the other side of the phone simply by the voice, but it’s not always the case. There isn’t always a “familiar” contact when it comes to banking institutions or an employee at a partnered company — or if there is, we aren’t always familiar with how they sound.

We believe the words, not the voice, and the words tell us to trust them. So, how should your employees work out if a phone call is legitimate? This article explores voice phishing — or, more specifically, a couple of different types of vishing — and what you can do to avoid falling prey to a vishing attack.

Let’s hash it out…