Security Hints & Tips: Vishing

Cybercriminals not only use the internet and email to gain access to sensitive information, they use telephones to their unlawful advantage. Vishing is the term for criminal attempts to influence action or gain confidential information over the phone using social engineering.

How it Works:

Criminals have the ability to call from a blocked, “spoofed,” or private number, making it easier to pose as a fellow employee, an authority figure, or any person or organization that you would commonly interact with.

Any information regarding the processes or technologies a company uses would assist in a breach of an organization. Information that you may not consider very sensitive, such as employee names, titles, or ID numbers, could certainly help these criminals.

Don’t Fall for These Phony Attempts

Think twice about giving out personal information to someone who claims to be from a different organization, or within your organization, unless you initiated the call yourself and you are certain the number called was valid.If someone contacts you requesting sensitive information, always verify that the source is legitimate before providing the information. If the caller claims they are from a different organization, you can compare the caller’s phone number to the phone number listed on the organization’s official website. If the caller claims they are from your organization, you can compare the caller’s phone number to the phone number listed in your organization’s internal directory.

Vishing is not limited to gaining data from your organization, as vishers are also known to prey on your personal information. Remember to stop, look, and think before answering unfamiliar numbers, or before calling phone numbers you see in emails, internet ads, or pop-ups.

Manitoulin Group of Companies Security Team
Cybersecurity@manitoulingroup.com