The term vishing is a portmanteau of the words Voice and Phishing. It denotes a specific type of social engineering attack that uses voice calls, i.e., the telephone, as the main communication channel to fraudulently obtain information or induce the victim to take detrimental actions.
A key element of vishing is the use of technology that allows fraudsters to easily mask and falsify the number they are calling from (so-called number spoofing). As a result, the victim’s phone screen may display the number of a bank’s helpline, a police station, a tax office, a courier company, or a telecommunications service provider, which drastically increases the credibility of the fraud.
Fraudsters using vishing are masters of manipulation. They impersonate highly trusted roles, most commonly:
Bank or financial institution employees: They report an alleged “suspicious transfer,” “account blockage,” or the need to “secure funds.” They create a sense of sudden urgency and threat, pushing the victim to act hastily and emotionally.
Police officers or prosecutors: They claim that the victim’s account is under attack or is being used for a crime. They ask for “help in a secret operation,” which involves transferring money to a “safe account” or installing software allegedly intended to track the criminals.
Technical support staff: They call pretending to be employees of global technology companies (e.g., Microsoft, Apple) and report a “virus” or “error” in the victim’s computer system.
The main goal of vishing is to induce the victim to:
Disclose sensitive data: During the conversation, under the pretext of identity verification, fraudsters try to extract online banking login details, credit card numbers, PIN codes, one-time passwords from SMS messages, or national identification numbers.
Take harmful actions: Most often, this is an instruction to make an urgent transfer to an account controlled by the criminals (“technical account,” “safe account”).
Install software: Another popular tactic is to induce the victim to install remote access software (e.g., AnyDesk, TeamViewer). Once the victim installs such an application, the fraudster gains full control over the victim’s computer desktop, which allows them to perform unauthorized operations in internet banking.
Vishing is considered one of the most dangerous forms of phishing because a phone conversation creates the illusion of interaction and is harder to ignore than a suspicious email. It gives scammers the opportunity to react quickly to the victim’s doubts, adapt the attack scenario in real time, and exploit emotions such as fear or a sense of obligation.