Protection Against Vishing

Author: [email protected] 96 views

Are VISHING and PHISHING the same?

Phishing

Phishing is like old-times artillery: Cover a large area with grenades (e.g. calls/emails) and hope to hit someone who will respond positively to the call-to-action, such as by giving away account numbers and passwords.

Vishing

Vishing is like modern-times elite corps: Target a specific high-importance person, make very detailed plans, and execute with no reservations. Vishing is Voice Phishing.

What is Vishing?

Vishing or Vishing Attack is a new method of phone-based social engineering. It is when a criminal impersonates a victim to get relevant information such as personal information, bank account, financial information, credit card details, and all other sensitive data resulting to identity theft or data breach. As part of security awareness, we discuss the different types of Vishing. See below.

3 Different Ways Of Vishing And Where It Happens

  • Vishing victims through commercial channels pretending to be a consumer and tricks a customer support representative through a phone call to give away personal details like a bank account, social security, credit card, and all other financial numbers. Usually, they have a sense of urgency in their voice causing the privileged attendant to give out sensitive information.

  • Corporate Vishing Scams is where victims are tricked to give away company values like a password for the victim’s accounts or do transactions for the criminal’s interest like transferring money. This often happens in some employees and mostly in top management (CEO scams).

  • Another situation is where a voice phishing takes place when an important corporate user is being impersonated and calls a privileged user from the service desk to get the password for the target person = victim.

How IVM Stops These Attacks

Hackers’ tools now include voice changers for phone calls to fake target people’s voices, as well as telephone number spoofing and SMS copying. But hackers won’t succeed even with these techniques if helpdesk workers follow a strict workflow with multiple verification tests.

The MyPass Identity Verification solution controls the entire verification process. Collecting a lot of data automatically and instructs the service desk supporter what questions to ask. Based on algorithms for the different user groups, IVM will decide when the verification is complete. The hackers can’t win by using emotional tricks against the company service desk supporter on the other end!

For more about MyPass Identity Verification Manager: