Michael Madon

by Michael Madon

SVP & GM of Mimecast Security Awareness

Posted Oct 24, 2018

With Cybersecurity Awareness Month here, we’re ready to help.

Human error is one of the leading barriers to effective cybersecurity. Casual security mistakes can lead to career-threatening results. Putting the right technology in place to improve your cybersecurity is important. However, an educated workforce that’s aware of the threats and knows how to prevent them is the last piece of the puzzle.

You can teach employees what they need to know to keep your organization secure, and we’re here to help.

As part of Cybersecurity Awareness Month in October, we’re bringing you a weekly series on common threats to strengthen your cyber resilience strategy.

This week, we’re tackling the issue of how to avoid voice phishing (vishing). You can learn about other similar threats—and how to prevent vishing by downloading our cybersecurity awareness training kit.

What is Vishing?

In vishing, a cybercriminal contacts you by phone, impersonating someone in a position of authority. Vishing is similar to phishing, but the attack is delivered by phone instead of via email.

Examples of Vishing

The caller might pretend to be from the company’s IT or finance department, impersonate an executive or business partner, or claim to be from a software company such as Microsoft. The caller attempts to convince you to provide private information or take an action that can be used to compromise the company’s systems, or to steal from you personally.

How to Prevent Vishing

  1. Verify unexpected phone requests in ways that aren’t connected to the incoming phone call. For example, use an official directory and another phone to call the company’s main office and ask to speak with the caller who is making the request.
  2. Be very suspicious of any caller who asks you to share login information over the phone.
  3. If a caller asks you to provide account data or personally identifiable information, refuse to do so — and report the contact to security.
  4. Security won’t call you to request that you change logins, passwords, or network settings. Any caller who makes this type of request is probably a scammer. Refuse the request and notify security.

Subscribe to our blog to keep up to date with the latest cybersecurity news, information, tips and analysis.

Michael Madon

by Michael Madon

SVP & GM of Mimecast Security Awareness

Posted Oct 24, 2018

You may also like:

Cyber Risk, Cyber Insurance and Reducing Human Error

Here's the deal with cyber insurance. Co…

Here's the deal with cyber insurance. Companies evaluating c… Read More >

Michael Madon

by Michael Madon

SVP & GM of Mimecast Security Awareness

Posted Oct 16, 2018

No One Wants to Deal with Data Leaks…No One

With Cybersecurity Awareness Month here,…

With Cybersecurity Awareness Month here, we’re ready to help… Read More >

Michael Madon

by Michael Madon

SVP & GM of Mimecast Security Awareness

Posted Oct 02, 2018

Cyber Awareness Lessons Learned on a Train Ride

Users: here’s how not to handle an…

Users: here’s how not to handle an email security inci… Read More >

Bradley Sing

by Bradley Sing

Technical Consultant

Posted Jul 18, 2018