We’ve all heard about phishing emails, but what about vishing? 📞
That’s short for voice phishing. It’s when a cyber criminal calls you and pretends to be someone else, like an IT technician, a bank employee, or even a government official.
The aim is to trick you into giving up sensitive information or granting them access they shouldn’t have.
And this isn’t something only small businesses need to worry about. Even big companies, like the tech giant Cisco, admit they were recently hit by a vishing attack.
A criminal was able to convince a Cisco employee that they were legitimate and gained access to a third-party system which Cisco uses to manage customer data. This included names, addresses, email addresses, phone numbers, and account IDs.
Fortunately, no passwords or confidential business information were stolen, but the data they did manage to take could still be misused.
Cyber criminals often sell this information on the dark web or use it themselves to create personalised and highly targeted phishing emails. Victims are much more likely to fall for phishing emails that contain valid information like real account details.
If a tech giant like Cisco can fall for vishing, then it should be a wake-up call for all businesses.
So, what can we do?
- Make sure the team is aware that cyber criminals use both emails and phone calls
- Verify callers that ask you to take action, especially if it’s to do with access, payments, or sensitive information
- Be cautious of emails or calls that require you do something urgently
Cyber criminals are becoming more sophisticated with impersonation via emails and phone calls. The best defence is awareness and enough scepticism to verify things before acting.
How confident are you that your team would know what to do, if someone called and pretended to be ‘IT support’?
Leave a comment!