Vishing

From ACT Wiki

Cybercrime.

Abbreviation for voice phishing.

Voice phishing is a cybercrime that uses social engineering and the telephone system.

In its simplest form, the criminal uses phone calls to gain access to private personal and financial information from the public for the purpose of financial fraud.

Vishing is also used by attackers for reconnaissance purposes, to gather intelligence about a target organisation for use in future attacks.


Fraud trending to social engineering and larger target organisations
"The main attack focus over the past year has continued to be the trend of shifting away from malware to social engineering attacks.
Social engineering attacks, phishing and vishing attempts are still increasing and they remain instrumental often in combination with malware.
Whereas in the past consumers, retailers and SMEs had been the main focus, the last year more and more company executives, employees (through CEO fraud), financial institutions and payment infrastructures appear to become preferred targets."
Payments Threats and Fraud Trends - European Payments Council - 2021.


Controls and mitigations to counter vishing and other social engineering threats include:

  • Awareness campaigns for consumers, SMEs, corporates, and for payment service provider staff.
  • Technical measures for email security.
  • Use of authentication mechanisms that do not expose user credentials.
  • Transaction filtering and monitoring.

(Source - European Payments Council)

