What is Vishing in Cybersecurity?
Offensive Security
Version 1.0 · Published April 2026 · Last verified April 2026
How is it pronounced?
VISH-ing/ˈvɪʃ.ɪŋ/
Voice + phishing; rhymes with 'fishing'.
Voice phishing, a social engineering attack conducted over phone calls. Attackers impersonate IT support, banks, or government agencies to extract sensitive information or convince targets to install remote access software. Caller ID spoofing makes vishing calls appear to come from legitimate numbers.
Why this matters in 2026
Scattered Spider's 10-minute vishing call to MGM's IT help desk in September 2023 produced $100M in Q3 EBITDAR loss + 10-day Las Vegas Strip shutdown. Caesars was hit on the same playbook days later. CISA's January 2025 help-desk security guidance is a direct downstream output.
Read the full Decipher File →What hiring managers ask about this
Penetration-test and IR interviews ask candidates to design a help-desk identity-verification protocol that survives a Scattered-Spider-style vishing call. The FIDO Identity Verification specification is the reference standard.
Why Vishing Matters for Your Cybersecurity Career
Vishing attacks bypass email security controls entirely, making them a growing concern for cybersecurity teams. Penetration testers include vishing in social engineering assessments. SOC analysts handle vishing reports from employees. Organizations increasingly need security awareness training that covers voice-based threats.
Which Cybersecurity Roles Use Vishing?
Related Cybersecurity Terms
Related Cybersecurity Certifications
Voice phishing, a social engineering attack conducted over phone calls. Attackers impersonate IT support, banks, or government agencies to extract sensitive information or convince targets to install remote access software. Caller ID spoofing makes vishing calls appear to come from legitimate numbers.
Vishing attacks bypass email security controls entirely, making them a growing concern for cybersecurity teams. Penetration testers include vishing in social engineering assessments. SOC analysts handle vishing reports from employees. Organizations increasingly need security awareness training that covers voice-based threats.
Cybersecurity professionals who work with Vishing include Penetration Tester, SOC Analyst, Incident Responder. These roles apply Vishing knowledge within the Offensive Security domain.
Sources
Definitions are original explanations written for career development purposes. For authoritative technical definitions, refer to NIST, ISO, or the relevant standards body.
Last verified: April 2026?Report an inaccuracy
Related Resources
Related Cybersecurity Career Guides
Related Cybersecurity Certifications
Was this page helpful?
Get cybersecurity career insights delivered weekly
Join cybersecurity professionals receiving weekly intelligence on threats, job market trends, salary data, and career growth strategies.
Get Cybersecurity Career Intelligence
Weekly insights on threats, job trends, and career growth.
Unsubscribe anytime. More options