Voice phone solicitation ("vishing") is a dangerous, cheap, and increasingly common way for attackers to target their victims, says Social-Engineer Inc.'s Fincher. In working with clients, she explains, she will often call ahead to learn more about the client and their internal systems so they know where to spot red flags.
Cybercriminals can do the same thing. It's common for attackers to contact businesses under the guise of a new client requesting information. They can collect plenty of information about corporate systems and current problems, and take advantage.
It's a problem because these types of attacks are notoriously hard to detect. "If hackers are intelligent, folks won't know they're being targeted," says Hadnagy. "Good vishing sounds like a normal conversation."
However, inexperienced attackers will slip up, and there are a few warning signs employees can watch for. Some may attempt an attack by making too many calls in a short period of time. Others may make demands before developing a rapport with their victim, raising suspicion of fraudulent activity.