Phone-based social engineering (vishing)

Vishing is a social engineering attack carried out over the telephone. In many cases, people have received calls from an attacker who claims to be calling from the cable company or the local bank and asks the victim to reveal sensitive information, such as their date of birth, driver's permit number, banking details, and even user account credentials.

Usually, the attacker calls a target while posing as a representative of a legitimate or authorized organization and asks for sensitive details. If this first approach doesn't work, the attacker may call again, posing as a more important person or a technical support agent, in an attempt to trick the user into providing sensitive information.

Additionally, when attackers give a false identity during a vishing attack, they usually name a legitimate organization that they claim to be calling from, to build a level of trust with the potential victim. When a target does not fall for the attack, the attacker sometimes resorts to threats such as "Your account will be disabled if you are not able to provide us with your username and password." Targets sometimes believe this and provide the requested information.

Having completed this section, you now understand the characteristics of various types of social engineering attacks. In the next section, we will cover the essentials of defending against social engineering.
