Vishing
From ACT Wiki
Cybercrime.
Abbreviation for voice phishing.
Voice phishing is a cybercrime that uses social engineering and the telephone system.
In its simplest form, the criminal uses phone calls to gain access to private personal and financial information from the public for the purpose of financial fraud.
Vishing is also used by attackers for reconnaissance purposes, to gather intelligence about a target organisation for use in future attacks.
Fraud trending to social engineering and larger target organisations
"The main attack focus over the past year has continued to be the trend of shifting away from malware to social engineering attacks. Social engineering attacks, phishing and vishing attempts are still increasing and they remain instrumental often in combination with malware. Whereas in the past consumers, retailers and SMEs had been the main focus, the last year more and more company executives, employees (through CEO fraud), financial institutions and payment infrastructures appear to become preferred targets."
Payments Threats and Fraud Trends - European Payments Council - 2021.
Controls and mitigations to counter vishing and other social engineering threats include:
- Awareness campaigns for consumers, SMEs, corporates, and for payment service provider staff.
- Technical measures for email security.
- Use of authentication mechanisms that do not expose user credentials.
- Transaction filtering and monitoring.
(Source - European Payments Council)
See also
- Advanced Persistent Threat
- CEO fraud
- Compromise
- Corporate
- Cybercrime
- Cybercrime – A Threat And An Opportunity
- Cyber security: protecting your business and your clients
- European Payments Council (EPC)
- Financial institution
- Hacktivist
- Internet
- Malware
- Payment infrastructure
- Payment service provider (PSP)
- Phishing
- SME
- Smishing
- Social engineering
- Spear phishing
- Spoofing
- Whaling