Voice Phishing (Vishing)

Vishing, short for “voice phishing,” is a type of social engineering technique that leverages voice communication technology. In a vishing attack, threat actors or “vishers” use fraudulent phone numbers, voice altering software, and other social engineering tactics to entice people to divulge personal and sensitive information over the phone. Advanced vishing attacks exploit Voice over Internet Protocol (VoIP) technology to create fake phone numbers and spoof the caller ID so that the call appears to be from legitimate companies or institutions. VoIP makes it easy for vishers to automate hundreds of scam calls over the internet and these numbers are hard to trace.

Researchers have issued a warning about an emerging and advanced form of voice phishing (vishing) known as “Letscall.”  The criminals behind “Letscall” employ a multi-step attack to deceive victims into downloading malicious apps from a fake imitation of Google Play Store website.

Once the malicious software is installed, it redirects incoming calls to a call center under the control of the criminals. Trained operators posing as bank employees then extract sensitive information from unsuspecting victims. To facilitate the routing of voice traffic, “Letscall” uses technologies such as voice over IP (VOIP) and WebRTC.

KnowBe4 | NEW! Callback Phishing Feature (Vishing)

KnowBe4 is the world’s largest integrated platform for security awareness training combined with simulated phishing attacks.

KnowBe4 has just launched Callback Phishing!

Callback phishing campaigns allow you to see how likely users are to call unknown phone numbers and share sensitive information.

With these campaigns, you can help prepare your users for real callback phishing attacks, also known as reverse vishing attacks.

Explore how probable it is for users to call unfamiliar phone numbers and disclose sensitive details through callback phishing campaigns. These campaigns assist in readying your users for actual callback phishing, also recognized as reverse vishing attacks.

In these campaigns, users receive an email containing a phone number and a callback code. Initiating a call to the provided phone number prompts users to enter the specified callback code. Upon entering the code, they will be prompted to provide personal information.

IT pros have realized that simulated phishing tests are urgently needed as an additional security layer. Today, phishing your own users is just as important as having antivirus and a firewall.

Train your users, Phish your users, See the results.

Contact us today to learn more and get started.

Latest Articles