Vishing, also commonly known as voice phishing or phone elicitation, is a rapidly growing social engineering attack vector. Vishing attempts are difficult to monitor and trace, and attackers are increasingly leveraging this mechanism to extract information and compromise organizations.
Simulated attacks are an effective way to assess vulnerabilities, but the best way to ensure lasting behavior change is to teach employees how to identify and respond to vishing threats. Our extensive reporting provides actionable data about employee responses to various vishing attack scenarios. You’ll be able to identify which departments or employees are most susceptible.
The LUCY vishing tests can be booked directly on our website. The standard procedure for a vishing campaign is:
- Scope definition (phone numbers, dates, language, goal etc.)
- Choose scripts (select among a list of predefined vishing scripts or create a custom script)
- Perform vishing assessment (Number Sppofing, Real Person Dialing, Automated Voice Box Calling etc.)
- Analyze & reporting
- Education (e.g. through LUCY's elearning module)