Recently, Cisco fell victim to a vishing attack, compromising basic user profile information from a third-party CRM system. This incident underscores the growing threat of AI-enhanced vishing tactics and the importance of vigilance.
Cybersecurity giant Cisco fell prey to a serious vishing attack on July 24. In a blog post on August 1, the company said that the voice phishing attack targeted one of its representatives.
Through this social engineering tactic, a bad actor was able to gain access to and export a subset of basic user profile information from a single instance of a third-party, cloud-based Customer Relationship Management (CRM) system used by Cisco.
The compromised data included basic account details such as names, organisation names, addresses, Cisco-assigned user IDs, email addresses, phone numbers, and account metadata like creation dates. The company claims that the attacker did not access any sensitive information such as passwords, confidential customer data, or proprietary business information. Cisco also confirmed that the incident did not impact any of its products or services and no other CRM instances were affected.
Upon detecting the breach, Cisco immediately terminated the actor’s access and launched an internal investigation. The company also notified affected users where legally required and engaged with relevant data protection authorities.
While the company has not disclosed the volume of user data exposed or the financial costs involved in addressing the incident, the breach highlights a critical need for users to stay vigilant. With AI now enhancing the sophistication of digital fraud, voice impersonation tactics have become significantly more convincing than before, making vishing attempts even harder to detect. Individuals and organisations alike may be targeted by such attacks in the AI age; here is how you can safeguard yourself as vishing attacks rise.
What is Vishing (Voice Phishing)?
Vishing is a type of cybercrime where attackers use phone calls to trick people into giving away personal or financial information. It is similar to phishing (email) and smishing (text), but happens over voice communication.
Attackers often impersonate trusted entities such as banks or financial institutions, police or government officials, IT support or service providers, and employers or HR representatives. They use social engineering tactics to create a sense of urgency or fear.
Victims of such attacks may be convinced to transfer funds voluntarily, share sensitive login or personal details, or provide remote access to their devices.
How can users protect themselves from phishing?
Never share personal data over phone calls, especially OTPs, passwords or PINs, bank account or card details, and MFA codes or authentication links.
Verify caller identity by asking the caller for their name and organisation, then hang up and call back using official contact numbers.
Be cautious if the caller pressures you to act immediately, and do not trust threats or urgent demands. Scammers may say you owe money or face arrest. Legitimate agencies don’t demand instant action or payment via phone.
Avoid gift card payments: no real company asks for prepaid cards or vouchers as payment.
Never allow remote access to your computer unless you personally know and trust the person.
Report vishing attempts and notify your company’s cybersecurity team to help prevent further attacks.