Voice phishing

Every day we receive calls from multiple parties: potential customers, existing customers, suppliers, colleagues, and sometimes from a party we would rather not speak to: cybercriminals. In addition to classic mail phishing, cybercriminals often use voice phishing. In this social engineering attack, the attacker uses the phone to trick victims. A simple phone call can be enough for them to cause a major incident. Our voice phishing actions are a good gauge of your organization’s current level of awareness and create increased resilience against hard-to-recognize form of phishing.

Voice phishing

How does voice phishing work?

Cybercriminals are always trying to stay under the radar, and thanks to tooling, they usually succeed. The success rate of a voice phishing attack is high. That’s because they often use spoofing techniques. Spoofing involves using a legitimate phone number of an existing person or organization. It is therefore very difficult to recognize on the other end of the line that you are dealing with a cybercriminal. The attacker’s goal is simple: gather personal and sensitive information. They achieve this goal by employing multiple social engineering techniques in addition to spoofing. For example, they usually conduct research before contacting a person or organization. During the research phase, they steal your data from a company with which you business – such as your bank, credit card company or utility company. Once they have your information, they call you to pretend to be someone from the company you did business with. They may try to get you to give additional information about yourself over the phone. Scammers may pretend there was a security breach at their organization and ask you for information so they can confirm who you are and prevent others from using stolen identities. They can also pretend that routine maintenance is just going on in their business and ask for personal information so they can get it without making an official request through channels that might alert security personnel. In addition to the role of business associate, the role of colleague or family member is employed. Vishing is serious and can be difficult to recognize at first glance.

Why should my organization conduct a voice phishing test?

Voice phishing, relative to other forms of phishing, is very difficult to detect. Through sophisticated tools and techniques, the attacker’s true identity is well concealed. However, it is a common phishing method that puts the attacker in direct contact with humans. After all, this direct contact provides opportunities that attackers can make good use of. In our voice phishing tests, we mimicked social engineering techniques that capitalize on the human ability to obtain confidential data or get employees to perform certain actions. In addition, we will work with you to come up with a role that one of our ethical hackers will take on. The scope is always determined with you. By simulating authentic voice phishing attacks as much as possible, you get a realistic picture of your organization’s current level of awareness. The result of a voice phishing test provides a good basis for taking targeted measures in line with laws and regulations and that match your organization’s pain points. Current AVG laws and regulations require organizations to take appropriate measures to eliminate cyber risks as much as possible.

Become resilient against the most common technique used by cybercriminals

Become resilient against the most common technique used by cybercriminals

Also check out our other security awareness services