Quote Me
Protect Your Business from Vishing Attacks
  • October 22, 2025
  • Lucie Thorpe
  • General
  • 0

Protecting Your Business from Voice Phishing Attacks: What You Need to Know

A recent wave of social engineering attacks indicates that Voice Phishing is on the rise, with cybercriminals impersonating IT Support staff in highly convincing phone calls to trick employees into handing over sensitive login credentials.

An organised criminal gang tracked by Google as “UNC6040” has been recognised as one of the groups making use of “Vishing”.

“Over the past several months, UNC6040 has demonstrated repeated success in breaching networks by having its operators impersonate IT support personnel in convincing telephone-based social engineering engagements,” the researchers write.

“This approach has proven particularly effective in tricking employees, often within English-speaking branches of multinational corporations, into actions that grant the attackers access or lead to the sharing of sensitive credentials, ultimately facilitating the theft of organisations’ Salesforce data. In all observed cases, attackers relied on manipulating end users, not exploiting any vulnerability inherent to Salesforce.”

Their tactics are simple but highly effective: posing as trusted support personnel and third-party vendors – why wouldn’t you believe them?

How to stay protected

At The One Point, we believe that your people are your strongest line of defence. That’s why we recommend a layered approach to security, starting with awareness training.

Our TOP tips for staying safe:

  • Hang up on suspicious calls. Never provide access or information during an unsolicited call. Instead, contact the vendor or IT support using verified contact details.
  • Verify before you act. If someone asks you to log into a system or click a link, double-check their identity through a trusted channel.
  • Be alert to red flags. Unusual timing, vague subject lines, or unexpected requests are all signs of a potential phishing attempt.

Empower Your Team with KnowBe4

Knowbe4’s security awareness training is designed to support your team with recognising and resisting social engineering attacks. With customisable phishing simulations and real-time threat detection, Knowbe4 helps build a strong security culture that reduces the risk of human error.

From spotting fake support calls to identifying malicious links, KnowBe4 empowers your workforce to make smarter security decisions every day.

  • Reduce malware and ransomware infections
  • Improve real-time threat detection
  • Create a safe space for reporting suspicious activity
  • Turn reported threats into teachable moments

Technology alone can’t stop every attack. But a well-trained team can. By combining KnowBe4’s training with a clear internal policy for verifying third-party requests, your organisation can stay one step ahead of attackers.

Want to learn more about what KnowBe4 can do for your business?

Chat to our team today:

0333 247 6000

sales@theonepoint.co.uk