Learn to Identify and Prevent Resurgent Vishing Attacks
A low-tech social engineering scam has created high-stakes consequences for MGM Resorts International. A September “vishing” attack cost the Las Vegas casino giant about $100 million, according to the company’s recently filed disclosure with the U.S. Securities and Exchange Commission.
Vishing, or voice phishing, is a type of social engineering attack in which an attacker attempts to trick individuals into giving up sensitive personal information or financial data over the phone. In the MGM case, it appears hackers gained entry to the company’s internal systems by calling the help desk and asking for a password reset. They were able to impersonate an MGM staff member by using information gleaned from the person’s LinkedIn profile to answer basic security questions. The attackers were then able to launch malware that harvested customer information and encrypted essential systems.
The MGM attack comes amidst a surprising resurgence in vishing scams. Although they’ve been around for years, one study found that they increased by a whopping 554 percent last year. The Federal Trade Commission reports that vishing attacks cost U.S. companies more than $1.2 billion in 2022.
Why Vishing Attacks Are Increasing
Several factors contribute to the increasing prevalence of vishing attacks. First and foremost, technological advances give attackers increasingly sophisticated tools for spoofing phone numbers, manipulating caller ID information and impersonating callers. For example, Microsoft has created artificial intelligence-based software that can imitate anyone’s voice after listening to it for three seconds.
Increasingly interconnected devices and systems also provide attackers with more entry points and potential targets for vishing attacks. In addition, the increase in remote work means more people rely on phones for work-related communication and collaboration, creating a larger pool of potential targets for vishing attacks.
Awareness is key to preventing vishing attacks. Training programs and awareness campaigns can help employees learn to recognize and resist such attacks. For example, vishing attacks commonly try to create a sense of urgency, pressuring individuals to act hastily without careful consideration. Attackers may pose as a representative from a bank, government agency or technical support, claiming there is an urgent issue that requires immediate attention. This pretexting adds a layer of legitimacy to the call, making the victim more susceptible to manipulation.
Following are five techniques everyone should use to protect themselves against vishing attacks:
- Be skeptical. Question the legitimacy of unexpected calls, especially those requesting sensitive information. Trust your instincts and be cautious if the caller is pressuring you. Be wary of automated messages prompting you for a voice response. Scammers might record your voice and use the recording to navigate voice-automated phone menus tied to your accounts.
- Leverage voicemail. Don’t answer a call if you don’t recognize the number. Just let it go to voicemail and decide whether to call back after listening to the message.
- Verify caller identity. Don’t trust caller ID — it is too easy to spoof. If a caller claims to represent a bank, government agency or some other institution, independently verify their identity by calling back using a publicly available and trusted phone number. Also, consider implementing call authentication and caller ID verification solutions to help ensure that incoming calls are legitimate.
- Use two-factor authentication. Implementing 2FA adds an extra layer of security. Even if vishers obtain login credentials, they would still need a second form of verification to access the account.
- Update security software. Keeping security software, including antivirus and anti-malware programs, up to date is crucial. Regular updates ensure that the software can detect and mitigate emerging threats, providing a robust defense against vishing attempts.
Protect Your Organization from Vishing with GDS
Defend your organization against the growing threat of vishing attacks with GDS. Our comprehensive cybersecurity solutions, backed by industry expertise, empower you to implement effective prevention strategies. Partner with us to ensure your teams are trained, systems are secure, and your business stays resilient in the face of evolving cyber threats. Contact GDS today for tailored vishing defense and elevate your cybersecurity posture.