Vishing – Quick Info

You’ve heard about phishing, but what, might you ask, is “vishing”?

Vishing is the use of voice calls, instead of email, to attempt to steal credentials or install malware, or other nefarious actions.

A example of a vishing attempt would play out like this:

You receive a call from “Rick” in your IT department saying there have been changes in how you log in and he needs you to login soon to the new site or you could lose access to your account. He sends you an email that has a link to a site that looks vaguely like a Berry web site. After you enter you username and password, “Rick” now has access to your account, which provides him access to much more than just your email. If you by chance use multi-factor authentication (MFA), “Rick” will also have you confirm your login via MFA, again, with the result that he now has access to your account and can modify your MFA settings or even turn it off.

Vishing attempts like this are used to steal credentials, particularly from people working remotely, either at home or at a secondary office. The remoteness makes it easier for vishers to impersonate IT departments and manipulate users into giving up their usernames and passwords.

Know this…The Office of Information Technology here at Berry will never just call you “out of the blue” with a major change, like where to log in to access your email or other college sites. There will be a concerted effort to promote the change via every communication channel available for a reasonable period of time before the change.

Return to the Quick Info main page

Return to the InfoSec News and Alerts front page

 

(Visited 179 times, 1 visits today)