2025-12-13 –, Rookie Track 2
Vishing exploits one of our most fundamental communication mediums - human speech - to bypass defences and extract sensitive information. This presentation dissects the lifecycle of vishing operations, from reconnaissance and pretext development through attack delivery and objective achievement.
The human voice can convey emotion and build rapport in ways that are difficult to replicate in the text of a phishing email. Whilst targets often have time to analyse and consider their response to a phishing email, the power of vishing lies in its immediacy and intimacy.
Attendees will hear about methodologies that can be used in vishing engagements, including vishing-specific reconnaissance, pretext development, rehearsal techniques, and post-call analysis frameworks.
Whether you’re testing your organisation’s defenses or trying to build them up, this session shares practical insights into vishing to help you replicate or respond to this psychologically rich attack vector.
Elizabeth works in a red team in the finance sector, with a passion for open-source intelligence, social engineering and executive security. She has a particular interest in vishing and the power of a well-crafted conversation.