Vishing, or Pretext Calling, is a voice calling technique in which an attacker calls a target and, under the pretense of false authority, tries to obtain sensitive information. This information can be subsequently used to gain access to privileged information and resources. Vishing works most effectively when an attacker establishes personal connections with a target user. This technique is gaining traction over the last few years with more and more hackers utilizing the same.
Since voice calls lend themselves to establish instant human connections, vishing is a powerful coercion mechanism. Traditional phishing often does not identify specific prospective victims in advance, whereas vishing involves targeting particular individuals. Employees in public-facing roles such as Helpdesk employees or Customer Service Representatives are at the highest risk of being attacked through this technique.
Vishing engagements help expose how a malicious actor might use direct phone calls to elicit information from your employees. By identifying the level of risk – and educating users appropriately – this human-specific threat can be mitigated.