Voice + Phishing: 10 cybersecurity strategies against Vishing


Cyber attacks happen every day, and recently a new form of threat has been gaining ground: vishing, a voice phishing strategy carried out over the telephone.

To give you an idea, in September the global hospitality chain MGM Resorts was the victim of a cyber attack that affected everything from slot machines to the check-in system, with an estimated loss of US$15 million. The cybercriminals behind the malicious campaign – allegedly from the Scattered Spider group – accessed the company’s systems through a phone call.

“Vishing, which combines the words ‘voice’ and ‘phishing’, is a form of attack in which fraudsters attempt to obtain sensitive personal or financial information through deceptive phone calls. In the case of MGM, the attackers posed as employees to obtain access credentials, break into internal systems and steal data”, explains Jonathan Arend, cybersecurity consultant at keeggo.

How to protect yourself from falling for vishing scams?

The American giant’s experience draws attention to the cybersecurity of Brazilian companies. According to the BugHunt National Information Security Survey, more than 1/4 of organizations suffered cyber attacks in the last year, an increase of 8% compared to 2021. Vishing was one of the main attacks reported, with an occurrence of 11.1%.

To help companies improve their digital security posture against vishing attacks, the keeggo expert recommends some strategies.

1. Employee Training

Training employees is the first and most important barrier against any cyber attack.

Train employees to recognize and report vishing attempts. They should be aware that they should never share confidential information over the phone unless they have verified the identity of the person calling.

2. Identity Verification

Always verify the identity of the caller before sharing confidential information. This may include confirming identity using a password or previously defined security questions.

3. Data security policy

Avoid sharing important company information on channels that can be intercepted.

Implement data security policies that prohibit sharing sensitive information over the phone without proper authentication and authorization.

4. Two-factor authentication (2FA)

Use two-factor authentication whenever possible for access to critical systems and accounts. This makes it more difficult for attackers to gain unauthorized access.

5. Call monitoring and logging

Monitor critical and sensitive phone calls to have a log of activity in case you need to investigate or prove the authenticity of a call.

6. Software and antivirus updates

Keep all software up to date to avoid security breaches.

Keep software updated with the latest security patches and implement antivirus/antimalware on all systems to avoid known vulnerabilities.

7. Data encryption

Use encryption to protect sensitive data while it is in transit and at rest, making it harder for attackers to access it.

8. Data Backup

Make regular backups of critical data and keep them in secure locations. This can help recover data in case of compromise.

9. Regular security assessments

Doing vulnerability testing is important to avoid falling victim to vishing.

Conduct regular security assessments, such as penetration tests and phishing/vishing simulations, to identify vulnerabilities and train employees.

10. Incident response plan

Have an incident response plan in place to deal with vishing attacks and other cyber threats. This includes specific actions to take if an attack is suspected.

Constant Concern: The Best Defense Against Cybercrime

Keeping all 10 of these points in mind is essential for companies to protect themselves against possible vishing attacks and avoid losses in the millions. However, the work doesn’t end there!

Finally, Jonathan Arend reinforces that cybersecurity should be a constant concern and that anticipating threats is essential to maintaining security.

“Looking for a cybersecurity specialist or consultancy can be a smart strategy to ensure that the company is adequately protected against cyber attacks, including vishing”, concludes the keeggo security specialist.
