Why ‘Vishing’ Could Be Your Next Major Cyber Threat

“If you look at a lot of major data breaches now, you’ll see that it was actually a phone call that started the breach.”

In the escalating landscape of cyber threats, criminals are constantly evolving their tactics. While we often focus on email phishing or malware, a far more insidious threat is making headlines: ‘vishing’, or voice phishing. Reports indicate a staggering 442% increase in vishing incidents in 2024, marking a critical shift in how cybercriminals are targeting unsuspecting individuals and, by extension, your business.

Why are scammers turning to the phone?

The rise of vishing isn’t coincidental. As organisations invest more in sophisticated email and text filters, attackers are pivoting to where the defences are weakest – the human element.

• Bypassing technical defences: Phone calls are inherently harder for security systems to filter and flag compared to emails, making them a direct line to your employees.

• Urgency and pressure: Live conversations create a sense of urgency, leaving victims little time to think critically or verify claims. Scammers skillfully manipulate emotions to rush decisions.

• Training gaps: Many cybersecurity awareness programs don’t adequately prepare employees for the unique psychological pressures of a vishing attack.

• The AI factor: The advent of AI tools capable of generating highly realistic voice and even video deepfakes makes vishing even more dangerous. Scammers can now create convincing impersonations for highly targeted, believable attacks.

For UK businesses, vishing poses a significant risk as a successful attack can lead to severe consequences. These range from data breaches when employees are tricked into revealing credentials or sensitive company information, to direct financial loss through fraudulent transactions or payments to imposter accounts. Vishing can also result in malware deployment if employees are convinced to download malicious software, and ultimately cause reputational damage through a loss of customer trust following a breach. It’s a critical vulnerability because even the most robust technical defences can be entirely bypassed if an employee is caught unprepared by a single vishing call.

Combating vishing requires a multi-layered approach that empowers your employees while complementing it with strong technical safeguards.

Empower your employees:

• “Slow down and evaluate”: Train staff to be suspicious of urgent, unsolicited calls, especially those asking for sensitive information or immediate action.

• Verify independently: Emphasise the importance of hanging up and calling back on a known, official number (not one provided by the caller).

• Multi-layered verification: Implement processes that require multiple, hard-to-fabricate points of proof for sensitive actions.

Leverage your data centre partner:

• While vishing targets people, a strong technical backbone is still vital. Services like security consulting can help develop comprehensive security policies, including those addressing vishing.

• Advanced threat detection and response systems managed by your data centre partner can quickly flag suspicious network activity that might occur after a successful vishing attempt (e.g., unusual login attempts or data exfiltration).

• Incident management protocols ensure rapid containment and recovery if a vishing attack leads to a breach.

Partnering with a data centre that offers robust cybersecurity services ensures that while your team acts as the crucial human firewall, your digital infrastructure remains secure, resilient, and protected against every angle of attack.

You can also head to our website to find out more. Call us on 0161 464 6101 or email hello@datacentreplus.co.uk to see how we can assist you too.

#2025 #DCP #DataCentre #CyberSecurity #DataBreach #AI #Technology #Sustainability