No announcement yet.


  • Filter
  • Time
  • Show
Clear All
new posts

  • Vishing

    We define vishing as the “practice of eliciting information or attempting to influence action via the telephone.” Similar to phishing, the goal of vishing is to obtain valuable information that could contribute to the direct compromise of an organization by exploiting people’s willingness to help. Attackers can “spoof”, or forge, their outgoing phone number and pose as an authority figure, technician or fellow employee to obtain sensitive information that could lead to the compromise of an organization.

    They have a number of techniques at their disposal:
    Information: the criminals already have your name, address, phone number, bank details - essentially the kind of information you would expect a genuine caller to have
    Urgency: You are made to believe your money is in danger and have to act quickly - fear often leads people into acting without thinking
    Phone spoofing: The phone number appears as if it's coming from somewhere else, so when you pick up the phone you already believe the caller because the number is convincing
    Holding the line: In some cases, the criminals can hold your telephone line, so if you hang up to call back the bank, you can get put straight back to the fraudsters.
    Atmosphere: You hear a lot of background noise so it sounds like a call centre rather than a guy in a basement - they either do have a call centre, or are playing a sound effects CD

    Certified Security Geek