Vishing assessments are a critical step in understanding how hackers might exploit voice calls to elicit privately held information from your employees. Intellisec Solutions’s vishing assessments can help you identify the level of risk and even safeguard your environment by educating your employees in mitigating this threat.
Vishing, or Pretext Calling, is a voice calling technique in which an attacker calls a target and, under the pretense of false authority, tries to obtain sensitive information. This information can be subsequently used to gain access to privileged information and resources. Vishing works most effectively when an attacker establishes personal connections with a target user. This technique is gaining traction over the last few years with more and more hackers utilizing the same.
Since voice calls lend themselves to establish instant human connections, vishing is a powerful coercion mechanism. Traditional phishing often does not identify specific prospective victims in advance, whereas vishing involves targeting particular individuals. Employees in public-facing roles such as Helpdesk employees or Customer Service Representatives are at the highest risk of being attacked through this technique.
Vishing engagements help expose how a malicious actor might use direct phone calls to elicit information from your employees. By identifying the level of risk – and educating users appropriately – this human-specific threat can be mitigated.
This is a pre-engagement phase where the purpose and scope of the assessment are determined jointly with your organization. An outline of the project at hand is built based on questions such as:
Since social engineering attack techniques are used in combination, it is imperative that assessment and mitigation efforts follow an integrated approach. Intellisec Solutions’s methodology is holistic, and we try to assess your environment from several angles – phishing, vishing (voice phishing), SMShing (SMS text message phishing), and even on-site physical attacks.
