Voice phishing

Cybercriminals use phone calls and voicemail messages to trick victims.
NFIR beeldmerk kleur
NFIR beeldmerk kleur

Voice phishing

Cybercriminals use phone calls and voicemail messages to trick victims.

Every day, businesses receive calls from various parties such as: potential & existing customers , suppliers, colleagues, and sometimes from a party we would rather not speak to and unknowingly speak to: cybercriminals.
In addition to classic mail phishing, cybercriminals often deploy voice phishing, also known as “vishing.

Voice phishing

In this social engineering attack, the attacker uses the phone to trick potential victims into obtaining sensitive information, such as login credentials, financial data and/or other confidential data. The attackers often pose as trusted entities such as: bank employee, government officials, technical support or representatives of well-known companies.

A single phone call can be enough for a cybercriminal to cause a major incident. Our voice phishing actions are a good gauge of your organization’s current level of awareness and increase resilience against hard-to-find forms of phishing.

How does voice phishing work?

During the voice phishing attack, attackers use various manipulative tactics such as fear, urgency or threat to pressure the victims and get them to provide the requested information. These attacks can be carried out via phone calls, voicemail messages or automated calls asking victims to dial a specific phone number. In doing so, cybercriminals use sophisticated social engineering techniques to gain victims’ trust and convince them that the call is legitimate.

Cybercriminals try to stay under the radar, and thanks to tools, they usually succeed. The success rate of a voice phishing attack is high. That’s because they use spoofing techniques, among other things. Caller ID spoofing involves using a legitimate phone number of an existing person or organization. It is therefore very difficult to recognize on the other end of the line that you are dealing with a cybercriminal.

The cybercriminal’s goal is simple: gather personal and sensitive information, preferably as unobtrusively as possible. Vishing is serious and can be difficult to recognize at first glance.

Why should my organization conduct a voice phishing test?

Organizations can train their employees to recognize voice phishing attacks and implement policies and procedures to protect sensitive information.

Voice phishing is hard to spot compared to other phishing methods. In NFIR’s voice phishing simulations, we mimic social engineering techniques and capitalize on human characteristics to obtain confidential data or get employees to perform certain actions. In addition, a scenario is devised together with the client, which one of our ethical hackers will execute. This gives the organization a realistic picture of its current level of awareness. The results of these studies are often surprisingly effective. We clearly present the results in a report. This summary report also provides tailored advice that is consistent with the findings.

Strengthen your resilience against the most common technique used by cybercriminals

Become resilient against the most common technique used by cybercriminals

Also check out our other security awareness services


De volgende 30 minuten van cruciaal belang​!

De eerste 30 minuten na een cyber security incident zijn cruciaal omdat snelle reactie de schade kan beperken, verdere verspreiding van de aanval kan voorkomen en essentieel bewijsmateriaal veiliggesteld kan worden voor onderzoek en herstel.

Onze Computer Emergency Response Teams (CERT) staan 24/7 klaar om bedrijven en organisaties te ondersteunen bij IT-beveiligingsincidenten.

Heeft uw bedrijf professionele hulp nodig bij een beveiligingsincident? 


The next 30 minutes are crucial!

The first 30 minutes after a cyber security incident are crucial because rapid response can limit damage, prevent further spread of the attack and secure essential evidence for investigation and recovery.

Our Computer Emergency Response Teams (CERT) are available 24/7 to support businesses and organizations during IT security incidents.

Does your company need professional help with a security incident?