In response to reports that hackers are increasingly moving towards hybrid forms of phishing attacks that combine email and voice social engineering calls, with the use of ‘hybrid vishing’ is seeing a massive 625% growth in 2022, an expert at cybersecurity firm offers the following comment.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics
Just like in sales, the more “touches” you have with a potential lead, the better chance to convert. We’ve all been told not to click on unexpected emails…but if the attacker also calls us, it adds an immediate sense of legitimacy to the original email. You might even be thinking, “And I thought that could have been a phishing email.” Officially, attacks that use multiple touches, including the first one that doesn’t include any outright suspicious links or downloads, is known as “pretexting”. Pretexting attacks are harder for the attacker to pull off because it takes more time on their side to setup and accomplish. But the time put in pays off, in that they are far more likely to have success across the victim subset they are targeting and be more likely to steal more per instance. The best defense is to educate everyone about these more sophisticated attacks and then do simulated instances to see how likely these sorts of attacks are to be against your population, and to make potential victims more aware of these sorts of attacks. It’s really the only defense that will work.