Skip to content 
Voice phishing
Voice phishing
Every day businesses receive calls from various parties such as potential & existing customers, suppliers and colleagues.
But what if the person on the other end pretends to be such a party, but is not one at all?
In addition to classic email phishing, cybercriminals also employ voice phishing, better known as vishing.
In this social engineering attack, the attacker uses the phone to trick potential victims into pulling sensitive information, such as login credentials, financial data and/or other confidential data.
The attacker often poses as a trusted entity such as a bank employee, government official, technical support or representative of a well-known company.
However, especially in large organizations, an attacker may also pose as a colleague.
A single phone call can be enough for a cybercriminal to cause a major incident. Our voice phishing actions are a good measure of your organization’s awareness level and increase resilience against this form of phishing.
How does voice phishing work?
During the voice phishing attack, attackers use various manipulative tactics such as fear, urgency or helpfulness to pressure or entice victims to get them to provide the requested information. In doing so, cybercriminals use sophisticated social engineering techniques to gain victims’ trust and convince them that the call is legitimate.
Cybercriminals try to stay under the radar, and thanks to tools, they usually succeed. The success rate of a voice phishing attack is high. That’s because they use spoofing techniques, among other things. Caller ID spoofing involves using a legitimate phone number of an existing person or organization. Also, cybercriminals may call anonymously.
Therefore, it is very difficult to recognize at the other end of the line that you are dealing with a cybercriminal.
Why should my organization conduct a voice phishing test?
Organizations can train their employees to recognize voice phishing attacks and implement policies and procedures to protect sensitive information.
Voice phishing is hard to spot compared to other phishing methods. In NFIR’s voice phishing simulations, we mimic social engineering techniques and capitalize on human characteristics to obtain confidential data or get employees to perform certain actions.
We summarize the results of the research in a report and provide your organization with advice on how to guard against these attacks.
Strengthen your resilience against the most common technique used by cybercriminals
Become resilient against the most common technique used by cybercriminals
