Vishing Attacks Rise to Record Highs

Vishing increases its virulence and rises to unprecedented highs. Cases of this type of voice phishing have soared by 550% between the first quarter of 2021 and the same period in 2022.

Vishing attacks already surpass BEC or business email account compromise campaigns as an email response-based threat. At the end of last year, more than 1 in 4 response-based threats was a vishing attack, and that trend has continued into 2022.

This is reflected in the Quarterly Threat Intelligence and Trends Report from Agari and PhishLabs, two cybersecurity products owned by HelpSystems.

“Hybrid vishing campaigns continue to generate impressive numbers, accounting for 26.1 percent of the total share by volume so far in 2022,” comments John LaCour, Principal Strategist at HelpSystems.

“We see an increase in threat actors moving away from traditional voice phishing campaigns to initiate multi-stage malicious email attacks,” he explains. “In these campaigns, attackers use a callback number in the body of the email as a lure, and then rely on social engineering and spoofing to trick the victim into calling and interacting with a fake representative.”

“Most attack campaigns do not originate from scratch, but rely on modifying traditional tactics and incorporating multiple platforms,” adds LaCour.

“Therefore, to keep companies secure, it is no longer enough to just monitor within the network perimeter,” he warns. “Visibility must also be extended to numerous external channels to proactively gather intelligence and detect potential threats.”