How can vishing attacks be prevented?

Enterprise threats expert Nick Lewis explains what vishing attacks are and offers best practices for defending against them.

Can you please explain what vishing is? What are the best ways to defend against vishing attacks?

Vishing is a form of voice over internet protocol (VoIP) phishing attack in which a caller uses social engineering via a phone call or SMS message to convince a victim to provide the victim's credit card information. Due to the recent high-profile credit card breaches that have affected large parts of the U.S., vishing attacks are only going to become more common, with attackers using the breach as the reason why the victim should dole out sensitive information.

While phone-based social engineering and fraud go back to the invention of the telephone, credit card fraud via phone dates back to at least 1985, if not earlier. Newer phone phishing attacks use SMS messages and interactive voice response systems, but are still just compromising individuals on a one-by-one basis. While these new attacks do increase the rate of compromise for individuals, they pale in comparison to malware attacks against Home Depot and other retailers. However, individual vishing attacks might be easier for less technologically sophisticated criminals to perform.

The first step -- but not the only step -- to defending against vishing is to help people understand that they need to verify that anyone requesting sensitive information is in fact legitimate. If someone believes they are the target of a vishing attack, he or she should ask to call back the original caller (or call center) using the phone number from a credit card statement or on the back of their card. If an individual receives a call via Skype, VoIP or text, he or she should immediately call the financial institution in question at a legitimate phone number to report the call and verify that no suspicious activity occurred on their accounts. People should never call back the number the questionable caller provided, as this phone number may not be legitimate. Cardholders who believe they are being vished may also verify data only the credit card company would know, such as the last transaction or the balance on the account.

As with all phishing attacks, user awareness is the most important prevention tactic available. If employees are aware of what vishing attacks are, how they work and how to spot such attacks, they will be the best defense against them.

This was last published in November 2014

2 comments

Call me old-fashioned, but I do not own a smartphone and have the old landline with caller ID at home. If the caller ID is blocked or "Out of area" I do not answer and they can leave a message. I will reverse look up the phone number to verify the caller or report to the phone company if they call repeatedly. There is just TMI out there that people are giving away without their knowledge.
I will go ahead and call you old-fashioned, Todd - but I won't call you paranoid. There are too many examples of where giving out too much information can come back to bite you. 