Get hacked in 2 minutes! It is still one of the favorite videos for making people aware of the dangers of social hacking, and in this case we are talking about vishing. Vishing is the telephone variant of phishing. When we think of phishing we usually think of an email or a fake text message, but it can be used in many ways.
You can look at this story from two sides.
The first is that of the user. Have you activated 2FA on your account, and does your provider support it? If not, this may be reason enough to move to another provider. Why? Because if your email account gets hacked, people can get to your other accounts as well. A password reset on your e-mail account will usually fall back on your mobile number. A criminal with access to your phone can therefore take over your e-mail, and often with it all your other accounts. That is worth dwelling on.
The second is that of the support agents, who are eager to help customers. Good procedures must therefore be drawn up for them, or rather with them, to properly monitor the accounts of existing customers. Of course, this can be inconvenient: you can feel like you are running into a wall of paperwork when you want to get something done quickly. On the other hand, you also know that your data is safe there.
About 66% of employees disclose too much information to a social hacker. We do tests in order to see whether we can obtain medical data, patient numbers and other sensitive data by telephone, and we succeed 2 out of 3 times. Without proper employee awareness (and a policy), information leaks from your organization because people often act in good faith.
Tip: With good technology you can partly arm yourself as a company against cyber criminals. But it is even better to train employees properly and to use clear procedures. So, as an organization, keep making your employees aware of the dangers of social engineering, and draw up clear procedures to avert the risks.