Vishing, "voice phishing," attacks on organizations and IT Professionals increased over 550% from Q1 2021


Vishing is a callback phishing campaign in which hackers impersonate and target organizations through email and social media, asking individuals to call back a phone number, or leave a voice message, to schedule and resolve a critical issue. In July 2022, cybersecurity company CrowdStrike issued an alert to its customers warning of a vishing campaign impersonating the company and implying that it had been breached. Since then, the threat group has been found to impersonate many more companies, such as MasterClass and Oracle, to lure victims towards a payment operation or to gain access to the victim's network.

Figure: Example of a phishing email impersonating CrowdStrike

As threat actors realize the success, efficiency, and targeting capabilities of vishing, the trend is likely to continue. Attackers are able to remotely install additional tools that allow them to spread across company networks, steal corporate data, and potentially launch a ransomware attack. According to Agari and PhishLabs' latest Quarterly Threat Trends & Intelligence Report, vishing cases have increased by over 550% from Q1 2021 to Q1 2022. Social engineering and impersonation continue to be heavily relied on to trick victims into calling and interacting with fake representatives.

Best Practices to Avoid Vishing Attacks

  • Social media impersonations have increased by 339% with executive impersonations reaching 273%. It's best to double-check the company's profile and cross-check with an existing department before making any important decisions.
  • Threat actors are relying on paid and compromised services to stage their phishing attacks as of Q1 2022. If you receive any emails indicating an end-of-service or subscription renewal by phone contact, it's best to double-check by logging into your account or calling a legitimate representative.
  • With remote and hybrid schedules, phishing emails have found mass success. To prevent attacks, ensure that vishing/callback phishing is covered in employee training while providing various examples such as internal phishing simulations.
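
A defender-side triage heuristic for the callback emails described above, given as an added example that is not part of the original article. The phrase lists, the `brand_domains` allow-list, and the ExampleSec sample messages are constructed assumptions to adapt to your own mail flow.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed phrase lists drawn from the lures the article names
# (breach notice, end-of-service, subscription renewal); tune for your mail flow.
LURE_TERMS = ("subscription", "renewal", "end of service", "end-of-service",
              "compromised", "breach")
CALL_TERMS = ("please call", "call us", "call our", "call back")
PHONE_RE = re.compile(r"(?:\+?\d{1,3}[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}")

def callback_phish_signals(raw, brand_domains):
    """Return the list of callback-phishing signals found in one raw message.

    brand_domains (hypothetical, defender-maintained) maps a brand name to the
    domains that brand legitimately sends mail from.
    """
    msg = message_from_string(raw)
    body = "\n".join(str(p.get_payload()) for p in msg.walk()
                     if p.get_content_type() == "text/plain")
    display, address = parseaddr(msg.get("From", ""))
    sender_domain = address.rpartition("@")[2].lower()
    text = f"{display}\n{msg.get('Subject', '')}\n{body}".lower()
    signals = []
    if PHONE_RE.search(body):
        signals.append("phone number in body")
    if any(term in text for term in CALL_TERMS):
        signals.append("asks recipient to call")
    if any(term in text for term in LURE_TERMS):
        signals.append("breach or renewal lure")
    for brand, domains in brand_domains.items():
        # Exact domain or a subdomain of it counts as a legitimate sender.
        trusted = any(sender_domain == d or sender_domain.endswith("." + d)
                      for d in domains)
        if brand.lower() in text and not trusted:
            signals.append(f"names {brand} but sent from {sender_domain}")
    return signals

# Constructed sample messages (not real mail); .example domains are placeholders.
BRANDS = {"ExampleSec": {"examplesec.example"}}
PHISH = ("From: ExampleSec Support <support@examplesec-helpdesk.example>\n"
         "Subject: Urgent: ExampleSec subscription renewal\n\n"
         "Your workstation may be compromised. Please call our security team\n"
         "at +1 (555) 555-0142 within 24 hours to schedule an audit.\n")
LEGIT = ("From: ExampleSec Billing <billing@examplesec.example>\n"
         "Subject: Your renewal receipt\n\n"
         "Your receipt is available at https://portal.examplesec.example\n")
```

A single signal, such as a renewal notice from the vendor's own domain, is normal mail; several signals together on one message are what justify routing it for review.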

As organizations adopt a variety of digital and communication channels, threat actors are finding ways to sneak through the window to exploit their victims and monetize their operations. To remain secure, look outside of your network perimeter and have visibility into all external channels to monitor threats. Follow the above practices and keep in touch with our TTT blogs for the latest security updates and trends!
