Users have gotten reasonably good at spotting scam emails, and popular email systems help detect these efforts’ email items. However, email is not the only game in town. Scammers now exploit social media networks, online file-sharing systems, messaging platforms and applications and phone systems. Compared to email, these channels of opportunity are highly personalized and focused on sharing.

Scammers also leverage sophisticated and ready-to-launch phishing kits, including social, voice, email and enterprise channels. With a bit of time and dedication, an attacker can choose the target(s) of choice, mimicking login portals, official company pages and web pages. The threat condition here is now a scaled, repeatable and convincing operation. Armed with any available ill-gotten or publicly sourced data, the results can be disastrous.

Vishing Exploits Trust

You might recognize the low-level, even common criminal vishing attacks that consist of phony tech support staff, purporting to be from Microsoft or Apple. In other well-known case types, scammers impersonate the Internal Revenue Service (IRS) or the local utility company under the threat of disconnection, severe penalties and, in some cases, jail. Although the label of vishing may be relatively new for most individuals, the tactic is familiar.

At an estimated yearly global loss approaching $50 billion, vishing and the sort of fraud that scammers leverage against the unsuspecting public is unacceptable. When launched against a company, the impact could be devastating in compromising:


  • Data integrity
  • Privileged and competitive data
  • Financial payments
  • Account integrity


Riding on the coattails of the first attacks, vishing hackers mount a nefarious second wave perfectly timed to hit victims where it already hurts.

Motivation and Human Opportunity

Phishing, vishing and various other forms of cyberattack continue to be driven by financial motivations. Data is valuable, trust is valuable and a converted target can pay dividends. To those ends, cybercriminals have developed increasingly sophisticated attacks, exploiting vulnerabilities and loopholes in technology, validations even flaws in how html language is exchanged.

Cybercrime threats are here to stay, and the situation appears to be getting worse as we let our guards down due to distractions related to the pandemic. The bottom line is that humans are vulnerable and gullible, and these attacks continue to work.

The Pandemic Effects

As many industries and workers took a hit during the pandemic, cyber threat actors thrived many opportunities following the shift to remote work. The lines between work and home are now blurred in many cases, wherein in some circumstances, corporate devices became personal tools and vice-versa.

Corporate applications now run on home networks. Video and dial-in conferencing are everywhere. A precarious security gap exists between what a company expects is happening in a data stream versus what is actually happening. Video games, shopping, streaming and mobile banking are all attack vectors and opportunities for cybercrime. These circumstances highlight the immediate need for heightened corporate cybersecurity and data protection practices, especially as opportunities to breach across audiences increases.