Vishing Assessment Services

Test Risk of Social Engineering Calls

Vishing – or Voice Phishing – is a social engineering assessment that relies on calling on target audiences to acquire or access classified information. With a more intimate approach over the phone, this individual attack vector is much more successful than phishing, it is the counterpart of an email. . . Employees who need to interact with the public, such as bank tellers and support desk workers, may be especially at risk.

In simulating this form of targeted vishing pretext attack, Infopercept offers an unmatched level of depth and customization. Starting with the collection of information, we use a variety of public outlets to better understand the organisation and build a pretext scenario focused on client data. Using these custom files, our expert social engineers eventually set goals and record the information below.

What is Vishing (Pretext Calling)?

Pretext calling is the act of an attacker calling a victim and purporting to be someone else to encourage them to share sensitive information. The intruder can use the credential obtained from a successful attempt to impersonate individuals within an organisation or to gain access to privileged company services. Due to the popularity of these personal interactions, hackers use more per year.

This voice-calling method is extremely helpful in real-world circumstances - a powerful intimidating method which provides an immediate human interaction that an attacker can make use of in real-time. Unlike other conventional phishing methods, which may also act as a true dragnet, a voice-call alternative includes attacking particular people or roles within an organisation. These positions are also public-based, such as helpdesk personnel or various customer support associates.

Vishing commitments are helpful in revealing how a bad person could use direct phone calls to get information from your employees. This human-specific danger can be mitigated by defining the extent of risk – and training consumers accordingly.

Advanced, Custom-Built Scenarios

1. Reconnaissance
   The collection of knowledge is a crucial step of social engineering which also dictates the performance of the remainder of the evaluation. Using the 'black box' technique, our intelligence analysts carry out in-depth analysis to collect information from the target organisation.
2. Create Pretext Scenarios and Payloads
   Until we've thoroughly enumerated the target, the emphasis is on drawing up the payload. These details include the description of divisions, user positions and the corresponding pretext scenarios. These specifics mean that each customer is carefully researched for the most effective, tailored commitments.
3. Engage Targets
   Using carefully structured strategies and pretexts, security analysts at Infopercept engage employees directly via Vishing phone calls. Depending on the position of the targets and state rules, phone transcripts can be made available to clients for similar documents.
4. Assessment Reporting and Debrief
   Following the conclusion of the initiative and the aggregation of outcomes, a final report shall be submitted, containing both an executive overview and detailed information. Remediation measures and preparation manuals are also offered to guide the customer in the resolution of the training and policy problems found.
5. Optional: Employee Education
   As an optional extension, Infopercept offers user training sessions for clients' staff. Whether hosted in a documented online webinar or in-house training session, Infopercept offers quality security awareness training to the same experts who did the initial work.