Security Awareness Training

    4 Tips to Stop Vishing

    With Cybersecurity Awareness Month here, we’re ready to help.

    by Michael Madon

    Human error is one of the leading barriers to effective cybersecurity. Casual security mistakes can lead to career-threatening results. Putting the right technology in place to improve your cybersecurity is important. However, an educated workforce that’s aware of the threats and knows how to prevent them is the last piece of the puzzle.

    You can teach employees what they need to know to keep your organization secure, and we’re here to help.

    As part of Cybersecurity Awareness Month in October, we’re bringing you a weekly series on common threats to strengthen your cyber resilience strategy.

    This week, we’re tackling the issue of how to avoid voice phishing (vishing). You can learn about other similar threats—and how to prevent vishing by downloading our cybersecurity awareness training kit.

    What is Vishing?

    Vishing is a type of phishing attack that specifically targets victims over the phone. Like traditional phishing attacks, vishing attempts to trick victims into giving up personal information like passwords or credit card numbers. They may pose as representatives from a bank or other organization and attempt to collect sensitive information or get victims to unwittingly download malware onto their computers. Vishers may also take advantage of robocalling technology to automate their attacks. 

    Vishing Scam Techniques

    We all know that some people are more trustworthy than others. Even when the caller claims they work for a company you’ve done business with, there's always a chance it could be a scammer trying to get hold of sensitive information. 

    Take this vishing scam scenario: A caller contacts you by phone claiming to be from your payroll company's ACH department. They inform you that there has been an issue with direct deposits for your company and they need you to release account information to resolve the issue. Presenting a believable story, the scammer can dupe you into sharing sensitive data such as social security and banking account details that can then be used to commit fraud. 

    While this is only one likely scenario, there are many other stories vishing scammers use to obtain sensitive information. If you receive a suspicious phone call, hang up and call the organization directly to verify the caller’s identity. You can also visit the organization’s website to look for contact information. If you think you may have been a victim of vishing, report it to the FTC immediately.

    How to Prevent Vishing

    1. Verify unexpected phone requests in ways that aren’t connected to the incoming phone call. For example, use an official directory and another phone to call the company’s main office and ask to speak with the caller who is making the request.
    2. Be very suspicious of any caller who asks you to share login information over the phone.
    3. If a caller asks you to provide account data or personally identifiable information, refuse to do so — and report the contact to security.
    4. Security won’t call you to request that you change logins, passwords, or network settings. Any caller who makes this type of request is probably a scammer. Refuse the request and notify security.


    Subscribe to Cyber Resilience Insights for more articles like these

    Get all the latest news and cybersecurity industry analysis delivered right to your inbox

    Sign up successful

    Thank you for signing up to receive updates from our blog

    We will be in touch!

    Back to Top