Vishing Attacks to Become Commonplace in 2020

Written by

Cybersecurity experts predict that voicemail phishing attacks, otherwise known as vishing, could become a daily occurrence in 2020. 

Threat research conducted by Mimecast found that malicious voicemail messages were not just on the rise, but were "evolving and more nuanced than ever before." 

In the "Quarterly Threat Intelligence Report: Risk and Resilience Insights" report released by Mimecast today, researchers warned that in 2020, "voicemail will feature more prominently." 

Researchers wrote: "The potential for the addition of complexity and malicious payloads, as well as simple phishing, cannot be overlooked. In addition, because the processes and technology to automate voicemail attacks are already ubiquitous, these forms of voicemail phishing will become commonplace in 2020."

Asked with what regularity vishing attacks might strike next year, Carl Wearn, head of E-Crime at Mimecast, told Infosecurity Magazine: "Potentially daily; this is already being seen in our data."

Wearn predicted a rise in the number of private individuals who will fall victim to vishing in the year ahead. 

"It’s potentially a simple vector, and in its most prevalent and simplistic form, these attacks will be phishing emails that claim a missed message and merely attempt to entice you to click on a link to cause infection or compromise," said Wearn.

According to Wearn, the growth in vishing could result in some significant financial losses.

Wearn said: "The impact will increase as more people are fooled by it. Losses will depend on the sophistication deployed. In the main attacks will be low-sophistication URL link lures, but it is highly likely that specific targeted attacks employing ML (Machine Learning) will cause some high-value losses."

Vishing is believed to have already reached a high level of complexity following reports earlier this year of a manager at a UK energy company being duped out of £200,000 by cyber-criminals who used artificial intelligence to make a spoof voicemail that sounded like it had been left by the manager's boss. 

Predicting how vishing scams are likely to evolve, Wearn said: "The majority of attacks will be low effort and similar to phishing, but, increasingly, ML and (AI) artificial intelligence will be utilized as these technologies mature, and they will be very difficult to detect without similar ML/AI defense mechanisms."

When asked what makes vishing seem so inherently sinister, Wearn painted a chilling picture of the form these attacks may soon take. 

"I think the real sinister aspect pertains to the potential for AI/ML to aggregate speech into wholly electronically constructed fake conversations. The idea that a soulless machine can fool you into thinking you are talking to a real person is inherently disconcerting to anyone and no doubt embarrassing if you fall victim to it."

What’s hot on Infosecurity Magazine?