Cybersecurity giant Cisco had fallen prey to a serious vishing attack on July 24. In a blog post on August 1, the company shared that the voice phishing attack targeted one of its representatives.

Through this social engineering tactic, a bad actor was able to gain access to and export a subset of basic user profile information from a single instance of a third-party, cloud-based Customer Relationship Management (CRM) system used by Cisco.

The compromised data included basic account details such as names, organisation names, addresses, Cisco-assigned user IDs, email addresses, phone numbers, and account metadata like creation dates. The company claims that the attacker did not access any sensitive information such as passwords, confidential customer data, or proprietary business information. Cisco also confirmed that the incident did not impact any of its products or services and no other CRM instances were affected.

Upon detecting the breach, Cisco immediately terminated the actor’s access and launched an internal investigation. The company also notified affected users where legally required and engaged with relevant data protection authorities.

While the company has not disclosed the volume of user data exposed or the financial costs involved in addressing the incident, the breach highlights a critical need for users to stay vigilant. With AI now enhancing the sophistication of digital frauds, voice impersonation tactics have become significantly more convincing than before, making it even harder to detect vishing attempts. Individuals and organisations might be on the radar of such attacks in the AI age and here is how you can safeguard yourself amid such rising vishing attacks.

What is Vishing (Voice Phishing)?

Vishing is a type of cybercrime where attackers use phone calls to trick people into giving away personal or financial information. It is similar to phishing (email) and smishing (text), but happens over voice communication.

Attackers often impersonate trusted entities such as Banks or financial institutions, Police or government officials, IT support or service providers, and Employers or HR representatives. Social engineering tactics are used to create a sense of urgency or fear.

Victims to such attacks may be convinced to transfer funds voluntarily, share sensitive login or personal details, provide remote access to their devices.

How can users protect themselves from phishing?

• Never share personal data over phone calls, especially OTPs, passwords, or PINs, bank account or card details, and MFA codes or authentication links