Vishing, or voicemail phishing, is the act of committing voicemail fraud to try to steal personal information. Similar to phishing, cybercriminals use vishing, the fraudulent attempt to steal credit card details or other sensitive information, by disguising as a trustworthy organization or reputable person in a voicemail message.
With vishing, cybercriminals use an urgent or alarming voicemail message to try to get potential victims to call back with their personal information. Fake caller-ID information is often used to make the calls appear to be from a legitimate organization or business.
Vishing is popular with cybercriminals because it enables them to steal sensitive financial and personal information without having to break through the security defenses of a computer or network. Public awareness about phishing, vishing and other attacks has grown in recent years, as a variety of incidents have received media coverage.
How Vishing Works
Vishing uses social-engineering techniques to lure email recipients into revealing personal or financial information. For example, during the holidays, you get a voicemail pretending to be from a well-known retailer telling you to go to call back to verify your billing information or your package won’t be shipped in time to make it your gift recipient. The only problem is that the fake voicemail is providing you with a fake telephone number to call back, where the information you provide will be used to commit identity theft, fraud and other crimes. Similar scams involve fake messages from cybercriminals claiming to be from major computer companies, the IRS, just about any legitimate source they can try to impersonate.
Other Common Cybercrimes
As cyber security continues to improve due to education and awareness, cybercriminals continue to improve attacks and develop new scams. Here’s more information about some common types of attacks.
Spear phishing attacks target individuals or small groups with access to sensitive information or the ability to transfer funds. Spear-phishing emails typically appear to come from someone the target knows, such as a co-worker at their company or another business in their network.
Whaling is a spear-phishing attack that specifically targets senior executives at a business.
Smishing, also known as SMS phishing, uses text messages to try to lure victims into revealing account information or installing malware.
Educating employees about the dangers of vishing is a critical component of cyber security for any business. User security awareness training helps every employee recognize, avoid, and report potential threats that can compromise critical data and systems. As part of the training, mock phishing, vishing and other attack simulations are typically used to test and reinforce good behavior.
- White Paper: Best Practices for Protecting Against Phishing, Ransomware and Email Fraud
- White Paper: Evolution of Spear Phishing
How Barracuda Can Help
Barracuda Security Awareness Training helps your business fight phishing and other social-engineering attacks by providing users with continuous simulation and training to understand the latest attack techniques, recognize subtle clues, and help stop email fraud, data loss, and brand damage.
Have questions or want more information about Vishing? Get in touch right now!