Security hints and tips: Vishing
Security hints and tips: Vishing
Cybercriminals not only use the internet and email to gain access to sensitive information, they use telephones to their
unlawful advantage. Vishing is the term for criminal attempts to influence action or gain confidential information over
the phone using social engineering.
How it Works:
Criminals have the ability to call from a blocked, “spoofed,” or private number, making it easier to pose as a fellow
employee, an authority figure, or any person or organisation that you would commonly interact with.
Any information regarding the processes or technologies a company uses would assist in a breach of an organisation.
Information that you may not consider very sensitive, such as employee names, titles, or ID numbers, could certainly help these
criminals.
Don’t Fall for These Phony Attempts
Think twice about giving out personal information to someone who claims to be from a different organisation, or within your
organisation, unless you initiated the call yourself and you are certain the number called was valid. If someone contacts you
requesting sensitive information, always verify that the source is legitimate before providing the information. If the caller
claims they are from a different organisation, you can compare the caller's phone number to the phone number listed on the
organisation's official website. If the caller claims they are from your organisation, you can compare the caller's
phone number to the phone number listed in your organisation's internal directory.
Vishing is not limited to gaining data from your organisation, as vishers are also known to prey on your personal
information. Remember to stop, look, and think before answering unfamiliar numbers, or before calling phone numbers you see
in emails, internet ads, or pop-ups.