Reaching a six-quarter high in Q2, hybrid vishing attacks have increased six times that of the hybrid-vishing attacks experienced in Q1 2021.

Vishing attacks – those that leverage voice calls as some part of the overall attack – have been in the news lately. With nearly half of organizations experiencing vishing attacks, this should come as no surprise. These response-based attacks (that is, an attack that requires the corporate user to interact) have been continually growing, according to the Q2 2022 Cyber-Intelligence Report from security vendor Agari.

According to the report, hybrid vishing attacks have jumped 625% since they started recording the presence of these attacks in Q1 2021.



Source: Agari

We’ve covered some examples of hybrid vishing attacks before, such as the fake Amazon order confirmation email that requires the victim to call “Amazon” if the recipient has a problem (with the $1000 flat screen TV they’re being told they bought).

Hybrid Vishing started with BazarCall, a spinoff of the Conti Ransomware gang. It’s cross-medium tactics actually help the cybercriminal establish credibility, making it more likely that recipients may fall victim to the scam, giving up personal details, credit card information, credentials, and more.

Users that undergo continual Security Awareness Training are taught to spot these kinds of scams – regardless of their believability or sophistication – and not respond, rendering these attacks dead in their tracks.