Just In

What is vishing, the latest scam that Cisco fell prey to? How to stay safe

/2 min read

ADVERTISEMENT

Recently, Cisco fell victim to a vishing attack, compromising basic user profile information from a third-party CRM system. This incident underscores the growing threat of AI-enhanced vishing tactics and the importance of vigilance.
What is vishing, the latest scam that Cisco fell prey to? How to stay safe
Through this social engineering tactic, a bad actor was able to gain access to and export a subset of basic user profile information from a single instance of a third-party, cloud-based Customer Relationship Management (CRM) system used by Cisco. Credits: Narendra Bisht

Cybersecurity giant Cisco had fallen prey to a serious vishing attack on July 24. In a blog post on August 1, the company shared that the voice phishing attack targeted one of its representatives.

Through this social engineering tactic, a bad actor was able to gain access to and export a subset of basic user profile information from a single instance of a third-party, cloud-based Customer Relationship Management (CRM) system used by Cisco.

The compromised data included basic account details such as names, organisation names, addresses, Cisco-assigned user IDs, email addresses, phone numbers, and account metadata like creation dates. The company claims that the attacker did not access any sensitive information such as passwords, confidential customer data, or proprietary business information. Cisco also confirmed that the incident did not impact any of its products or services and no other CRM instances were affected.

Fortune India Latest Edition is Out Now!
40u40: India's Brightest Young Business Minds

July 2025

In the world’s youngest nation—where over 65% of the population is under 35—India’s future is already being shaped by those bold enough to lead it. From boardrooms to breakout ideas, a new generation of business leaders is rewriting the rules. This year's Fortune India’s 40 Under 40 celebrates these changemakers—icons in the making like Akash Ambani, Kaviya Kalanithi Maran, Shashwat Goenka, Parth Jindal, Aman Mehta, and Devansh Jain—who are not just carrying forward legacies but boldly reimagining them for a new era. Alongside them are first-generation disruptors like Sagar Daryani, scaling Wow! Momo with a vision to take ₹100 momos to 5,000 cities, and Palak Shah, turning the Banarasi weave into a global fashion story with Ekaya Banaras. These are the entrepreneurs turning ambition into scale. And even beyond traditional industry, the entrepreneurial wave is pulling in creative forces—Ranveer Singh, for instance, is shaking up wellness and nutrition with Bold Care and SuperYou, proving that passion, backed by purpose, is the new blueprint for building brands.

Read Now

Upon detecting the breach, Cisco immediately terminated the actor’s access and launched an internal investigation. The company also notified affected users where legally required and engaged with relevant data protection authorities.

While the company has not disclosed the volume of user data exposed or the financial costs involved in addressing the incident, the breach highlights a critical need for users to stay vigilant. With AI now enhancing the sophistication of digital frauds, voice impersonation tactics have become significantly more convincing than before, making it even harder to detect vishing attempts. Individuals and organisations might be on the radar of such attacks in the AI age and here is how you can safeguard yourself amid such rising vishing attacks.

What is Vishing (Voice Phishing)?

Vishing is a type of cybercrime where attackers use phone calls to trick people into giving away personal or financial information. It is similar to phishing (email) and smishing (text), but happens over voice communication.

Attackers often impersonate trusted entities such as Banks or financial institutions, Police or government officials, IT support or service providers, and Employers or HR representatives. Social engineering tactics are used to create a sense of urgency or fear.

Victims to such attacks may be convinced to transfer funds voluntarily, share sensitive login or personal details, provide remote access to their devices.

How can users protect themselves from phishing?

  • Never share personal data over phone calls, especially OTPs, passwords, or PINs, bank account or card details, and MFA codes or authentication links

  • Verify caller identity by asking the caller for their name and organisation, hang up and call back using official contact numbers

  • Be cautious if they pressure you to act immediately and do not trust threats or urgent demands. Scammers may say you owe money or face arrest. Legitimate agencies don’t demand instant action or payment via phone

  • Avoid gift card payments given no real company asks for prepaid cards or vouchers as payment.

  • Never allow remote access to your computer unless you personally know and trust the person.

  • Report vishing attempts and notify your company’s cybersecurity team to help prevent further attacks.

Fortune India is now on WhatsApp! Get the latest updates from the world of business and economy delivered straight to your phone. Subscribe now.