Phishing is a widely known cybersecurity risk; you’ve probably heard of it. A cybercriminal sends a convincing email, complete with a link to what looks at first glance like a company’s website, in an attempt to obtain your login credentials for their own use. Over the past decade, consumers and businesses alike have been taking steps to protect themselves from this threat. What you may not know, however, is that there are various types of phishing attacks beyond those carried out exclusively over email. One such type is vishing.
What is vishing?
Vishing, a combination of ‘voice’ and ‘phishing’, is when a cybercriminal attempts to gain access to a system by obtaining credentials or other information over the phone. Most often, this will entail someone posing as a person you may trust enough to provide the details they ask for; for example, someone may pose as an Account Manager at a company you do business with.
The cybercriminal may not even attempt to get your username or password directly. Instead, he or she may use social engineering tactics to obtain data that offers clues as to what your credentials might be, then use those clues to guess a username or password.
How can you protect your business from vishing?
The core element of staying protected from vishing is taking care never to provide any credentials over the phone. Any request for a password or important credentials from someone over the phone should be treated with suspicion. Double-checking the information provided in a suspicious message can also help you ascertain if the communication is legitimate or not.
For example, if you receive an email that claims to come from an organization whose services you’ve used before and asks you to call a number it provides, you can check that number against the organization’s publicly available customer service numbers, just as you might check the domain of a suspicious email address you receive. It’s also prudent to train your employees on evolving cybersecurity risks like phishing and vishing. Some companies even go so far as to simulate cyberattacks like these to ensure that employees stay prepared for a fraudulent email or a phone call attempting to obtain sensitive information.