Vishing, "voice phishing," attacks on organizations and IT Professionals increased over 550% from Q1 2021
Vishing is a callback phishing campaign in which hackers impersonate and target organizations through email and social media by asking individuals to call back a phone number, or leave voice messages, to schedule and solve a critical issue. In July 2022, cybersecurity company CrowdStrike issued an alert to its customers warning of a vishing campaign impersonating the company and implying that it had been breached. Since then, the threat group has been found to impersonate many more companies, such as MasterClass and Oracle, to lure them towards a payment operation or gain access to the victim's network.
As threat actors realize the success, efficiency, and targeting capabilities of vishing, the trend is likely to continue. Attackers are able to remotely install additional tools allowing them to spread alongside company networks to steal corporate data and potentially lead to a ransomware attack. According to Agari and PhishLabs latest Quarterly Threat Trends & Intelligence Report, vishing cases have increased by over 550% from Q1 2021 to Q1 2022. Social engineering and impersonation continue to be heavily relied on to trick victims into calling and interacting with fake representatives.
Recommended by LinkedIn
Best Practices to Avoid Vishing Attacks
As organizations adopt a variety of digital and communication channels, threat actors are finding ways to sneak through the window to exploit their victims and monetize their operations. To remain secure, look outside of your network perimeter and have visibility into all external channels to monitor threats. Follow the above practices and keep in touch with our TTT blogs for the latest security updates and trends!