Cybercriminals not only use the internet and email to gain access to sensitive information, they use telephones to their unlawful advantage. Vishing is the term for criminal attempts to influence action or gain confidential information over the phone using social engineering.

How it Works:

Criminals have the ability to call from a blocked, “spoofed,” or private number, making it easier to pose as a fellow employee, an authority figure, or any person or organization that you would commonly interact with.

Any information regarding the processes or technologies a company uses would assist in a breach of an organization. Information that you may not consider very sensitive, such as employee names, titles, or ID numbers, could certainly help these criminals.

Don’t Fall for These Phony Attempts

Think twice about giving out personal information to someone who claims to be from a different organization, or within your organization, unless you initiated the call yourself and you are certain the number called was valid. If someone contacts you requesting sensitive information, you can check the caller’s validity by asking to speak to their supervisor, or tell them you will call back, which will buy you time to investigate the request.

Vishing is not limited to gaining data from your organization, as vishers are also known to prey on your personal information. Remember to stop, look, and think before answering unfamiliar numbers, or before calling phone numbers you see in emails, internet ads, or pop-ups.

When it comes to defending your assets against digital threats and cyber criminals, it can seem impossible to protect yourself at every turn. But there is one way you can make a concrete change that will tighten up your security more than you realize: educating your people. Through a comprehensive security training program, including specific examples of methods hackers use – particularly phishing & vishing – you can drastically minimize the risk of an employee accidentally opening up a malicious e-mail or giving away sensitive information. When you make an effort to make the entire organization vigilant against cyber-attacks, you’re much less likely to be targeted.

To learn more about our Security Awareness Training, please visit: