Can you please explain what vishing is? What are the best ways to defend against vishing attacks?
Vishing is a form of voice over internet protocol (VoIP) phishing attack in which a caller uses social engineering via a phone call or SMS message to convince a victim to provide his or her credit card information. Due to the recent high-profile credit card breaches that have affected large parts of the U.S., vishing attacks are only going to become more common, with attackers using a breach as the reason why the victim should dole out sensitive information.
While phone-based social engineering and fraud go back to the invention of the telephone, credit card fraud via phone dates back to at least 1985, if not earlier. Newer phone phishing attacks use SMS messages and interactive voice response systems, but are still just compromising individuals on a one-by-one basis. While these new attacks do increase the rate of compromise for individuals, they pale in comparison to malware attacks against Home Depot and other retailers. However, individual vishing attacks might be easier for less technologically sophisticated criminals to perform.
The first step -- but not the only step -- to defending against vishing is to help people understand that they need to verify that anyone requesting sensitive information is in fact legitimate. If someone believes they are the target of a vishing attack, he or she should request to call back the original caller (or call center) using the phone number from a credit card statement or on the back of their card. If an individual receives a call via Skype, VoIP or text, he or she should immediately call the financial institution in question at a legitimate phone number to report the call and verify no suspicious activity occurred on their accounts. People should never call back the number the questionable caller provided, as this phone number may not be legitimate. Cardholders who believe they are being vished may also ask the caller to verify data only the credit card company would know, such as the last transaction or the balance on the account.
As with all phishing attacks, user awareness is the most important prevention tactic available. If employees are aware of what vishing attacks are, how they work and how to spot such attacks, they will be the best defense against them.