Vishing
Vishing is the voice-call equivalent of phishing. It is most prevalent in relation to tax or banking services, where attackers impersonate HMRC or the fraud departments of well-known banks to trick victims into giving up sensitive information such as address details, credit card numbers, bank account details or passwords over the phone. Vishing attacks regularly make use of voice simulation or personal information gained from other cyber attacks to put victims at ease.
The biggest security breaches of 2025-26 (M&S, Qantas, Cisco etc.) started with vishing (voice phishing). These are active campaigns targeting colleagues across organisations. Callers impersonate IT support, internal teams or suppliers in an attempt to obtain sensitive information or prompt unsafe actions by employees.
How to identify a vishing attempt:
- Unexpected calls claiming to be from IT support or a helpdesk, internal teams or suppliers
- Pressure to act urgently (e.g. "account issue", "security incident", "access expiring")
- Requests for credentials, MFA codes, system actions or sensitive information
- Caller refusing verification or discouraging callbacks
- Phone number or caller details that do not match known contacts
Never trust caller ID alone - numbers can be spoofed. Staying alert, reporting concerns and keeping these warning signs in mind when risk storming or threat modelling are essential.