Vishing is similar to phishing, but it takes place over voice channels like telephone, voicemail, or even video conferencing platforms. The goal of these calls is typically to convince users to surrender money or private information by spoofing phone numbers and pretending to be a supervisor or client.
For example, you may receive a spoofed phone call from a service provider claiming your account has been compromised and you need to speak with a representative. When you speak with the representative regarding your account, they’ll ask for logins, money, bank info, and more – they’ll often try to get as much information or resources from you as possible.
To prepare for a vishing attempt, IT teams should reassure employees that these calls are often designed to make you panic, and that a real representative that needed this information would likely be patient and willing to work through this with a member of the IT team. Employees should always ask for a moment to stop and think if a call seems fishy or threatening. If an employee gets a suspicious call such as this, they should inform the caller that IT usually handles these calls and forward the call to IT for further evaluation.