Vishing, or eliciting information over the phone, is a common social attack vector. It’s proven to be one of the most successful methods of gaining information needed to breach an organization, even when used by an inexperienced attacker. When you can’t hack your way through your pentest, when you can’t break in with your red-team, when your phishes are blocked or ignored…simply call someone up and get the info you need.
The question now being, how do we succeed? Let’s go over five easy points that contribute to successful vishing.