VISHING (Syllabus: GS Paper 3 – Cyber Security)

Context: Recently, the government issued a circular cautioning its employees about the emergence of sophisticated cybercrime tactics like vishing.

Vishing

• About: It is the short form of "voice" and "phishing," executed through phone calls on mobile or landline devices.
• Methodology: Threat actors initiate vishing by calling victims and coaxing them into interacting with malicious files or emails, often leading to seemingly legitimate websites requesting personal information.
• Information: Attackers may directly request sensitive information from victims during the call.
• Targeted Data: Typically, vishing attacks aim to obtain financial details, passwords, or other private information.

o Vishing attackers may impersonate authority figures or acquaintances, leveraging urgency to persuade victims to disclose sensitive information.

• Telltale signs: A pre-recorded message, Asking for sensitive information, Pretending to be a government official, Using fear and urgency tactics and Poor audio quality.

Other Types of Phishing Attacks

• Spear Phishing: This type of phishing is directed at specific individuals or companies, hence the term spear phishing.
• Clone Phishing: It involves mimicking a previously delivered legitimite email and modifying its links or attached files to trick the victim into opening a malicious website or file.
• HTTPS phishing: An HTTPS phishing attack is carried out by sending the victim an email with a link to a fake website. The site may then be used to fool the victim into entering their private information.
• Evil twin phishing: In an evil twin attack, the hacker sets up a false Wi-Fi network that looks real. If someone logs in to it and enters sensitive details, the hacker captures their info.