Vishing (Voice Phishing) in Social Engineering News
A new report by Mutare reveals costly and pervasive shortcomings in enterprise security protections against voice network attacks, such as vishing, robocalls, and spoof calls. Significantly, nearly half (47%) of organizations in this report experienced a vishing (voice phishing) or social engineering attack in the past year. As you will see in the following news story, criminals are successfully using this attack vector to extract information and compromise targeted enterprises.
Cisco Confirms Vishing Attack
On August 10, 2022, Cisco released a report confirming a breach of its network. During the investigation, Cisco found that one of their employee’s credentials were compromised after an attacker gained control of a personal Google account where credentials saved in the target’s browser were being synchronized.
The attacker then conducted a series of vishing attacks posing as various trusted organizations. The goal? To convince the employee to accept multi-factor authentication (MFA) push notifications started by the attacker. The attacker succeeded in achieving an MFA push acceptance, granting them access to VPN (Virtual Private Network) in the context of the targeted user.
Test. Educate. Protect — Social-Engineer’s Managed Vishing Service
The attack on Cisco highlights the urgent need for security awareness training that includes social engineering techniques commonly used by attackers. It is interesting to note that more than one-third (36%) of respondents in the Mutare report cited security awareness training as the top solution to protect voice networks from vishing. Enterprises recognize the need for training but may find it difficult to implement. The Social-Engineer’s Managed Vishing Service can fill this security gap.
Our vishing method deploys professionally trained and certified social engineers to elicit critical information from your employees. Hundreds to thousands of calls per month can be made to your employees by certified social engineers capable of pivoting and adjusting conversation like a real attacker. Our program offers both scale and quality. We do not use script-driven call center staff and we never use robocallers! Act now to protect your enterprise from vishing attacks.
Please contact us today for a consultation.
*** This is a Security Bloggers Network syndicated blog from Social-Engineer, LLC authored by Social-Engineer. Read the original post at: https://www.social-engineer.com/vishing-in-social-engineering-news/
