Security Awareness Training

    4 Simple Tips for Stopping Vishing

    With Cybersecurity Awareness Month here, we’re ready to help.

    by Michael Madon

    Human error is one of the leading barriers to effective cybersecurity. Casual security mistakes can lead to career-threatening results. Putting the right technology in place to improve your cybersecurity is important. However, an educated workforce that’s aware of the threats and knows how to prevent them is the last piece of the puzzle.

    You can teach employees what they need to know to keep your organization secure, and we’re here to help.

    As part of Cybersecurity Awareness Month in October, we’re bringing you a weekly series on common threats to strengthen your cyber resilience strategy.

    This week, we’re tackling the issue of how to avoid voice phishing (vishing). You can learn about other similar threats—and how to prevent vishing by downloading our cybersecurity awareness training kit.

    What is Vishing?

    In vishing, a cybercriminal contacts you by phone, impersonating someone in a position of authority. Vishing is similar to phishing, but the attack is delivered by phone instead of via email.

    Examples of Vishing

    The caller might pretend to be from the company’s IT or finance department, impersonate an executive or business partner, or claim to be from a software company such as Microsoft. The caller attempts to convince you to provide private information or take an action that can be used to compromise the company’s systems, or to steal from you personally.

    How to Prevent Vishing

    1. Verify unexpected phone requests in ways that aren’t connected to the incoming phone call. For example, use an official directory and another phone to call the company’s main office and ask to speak with the caller who is making the request.
    2. Be very suspicious of any caller who asks you to share login information over the phone.
    3. If a caller asks you to provide account data or personally identifiable information, refuse to do so — and report the contact to security.
    4. Security won’t call you to request that you change logins, passwords, or network settings. Any caller who makes this type of request is probably a scammer. Refuse the request and notify security.

    Subscribe to Cyber Resilience Insights for more articles like these

    Get all the latest news and cybersecurity industry analysis delivered right to your inbox

    Sign up successful

    Thank you for signing up to receive updates from our blog

    We will be in touch!

    Back to Top