VISHING (Syllabus: GS Paper 3 – Cyber Security)

News-CRUX-10     20th May 2024        

Context: Recently, the government issued a circular cautioning its employees about the emergence of sophisticated cybercrime tactics like vishing.


  • About: It is the short form of "voice" and "phishing," executed through phone calls on mobile or landline devices.
  • Methodology: Threat actors initiate vishing by calling victims and coaxing them into interacting with malicious files or emails, often leading to seemingly legitimate websites requesting personal information.
  • Information: Attackers may directly request sensitive information from victims during the call.
  • Targeted Data: Typically, vishing attacks aim to obtain financial details, passwords, or other private information.

o Vishing attackers may impersonate authority figures or acquaintances, leveraging urgency to persuade victims to disclose sensitive information.

  • Telltale signs: A pre-recorded message, Asking for sensitive information, Pretending to be a government official, Using fear and urgency tactics and Poor audio quality.

Other Types of Phishing Attacks

  • Spear Phishing: This type of phishing is directed at specific individuals or companies, hence the term spear phishing.
  • Clone Phishing: It involves mimicking a previously delivered legitimite email and modifying its links or attached files to trick the victim into opening a malicious website or file.
  • HTTPS phishing: An HTTPS phishing attack is carried out by sending the victim an email with a link to a fake website. The site may then be used to fool the victim into entering their private information.
  • Evil twin phishing: In an evil twin attack, the hacker sets up a false Wi-Fi network that looks real. If someone logs in to it and enters sensitive details, the hacker captures their info.