Vishing and the human identity gap teams are missing


(@nhi-mgmt-group)

TL;DR: Vishing uses voice, caller ID spoofing, and urgency to extract passwords, PINs, and financial or personal data, making it harder to spot than email phishing, according to 1Kosmos. The real failure is not awareness alone but identity verification that can withstand a persuasive live call.

NHIMG editorial — based on content published by 1Kosmos: an analysis of vishing, voice-based phishing, and protection steps

Questions worth separating out

Q: How should organisations reduce the risk of vishing in identity workflows?

A: Use voice only as a contact channel, not as a trust channel.

Q: Why do vishing attacks still work against trained employees?

A: Training helps, but vishing succeeds because it exploits real-time pressure, authority cues, and the human tendency to help.

Q: What do security teams get wrong about phone-based phishing?

A: They often treat phone calls as a low-tech nuisance instead of an identity risk.

Practitioner guidance

  • Harden phone-based identity verification: Require out-of-band confirmation for any sensitive request made by phone, especially password resets, banking changes, account recovery, and payment instructions.
  • Treat account recovery as privileged access: Apply stronger identity proofing to recovery flows than to routine support interactions.
  • Train staff on live-call manipulation patterns: Teach teams to recognise urgency cues, authority impersonation, and scripted prompts for passwords or PINs.

What's in the full article

1Kosmos's full article covers the operational detail this post intentionally leaves for the source:

  • Practical vishing red flags and call-script patterns that help frontline staff recognise manipulation in real time.
  • Identity verification guidance for phone-based interactions, including the safeguards that reduce account takeover risk.
  • Examples of how companies are targeted through employee, vendor, and stakeholder impersonation.
  • A closer look at AI-assisted voice deception and the next wave of social engineering tactics.

👉 Read 1Kosmos's analysis of vishing, identity theft, and voice-based phishing →
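
The practitioner guidance above, expressed as a help-desk policy check. This is an added example, not code from the original post or from 1Kosmos; the action, channel, and evidence names are hypothetical and would map to your own support catalogue.

```python
from dataclasses import dataclass
from typing import Optional

# Hypothetical action names, taken from the request types the guidance lists.
SENSITIVE = {"password_reset", "banking_change", "payment_instruction"}
PRIVILEGED = {"account_recovery"}  # recovery is treated as privileged access
# Signals carried by the call itself: never accepted as proof of identity.
UNTRUSTED_EVIDENCE = {"caller_id", "voice_recognised", "caller_supplied_callback"}


@dataclass
class Request:
    action: str
    channel: str                          # channel the request arrived on
    evidence: frozenset = frozenset()     # verification claimed so far
    oob_channel: Optional[str] = None     # channel used for confirmation, if any
    oob_contact_on_record: bool = False   # contact came from the system of record


def decide(req: Request):
    """Return ("allow" | "hold", reasons) for a support request."""
    reasons = []
    # Voice is a contact channel, not a trust channel: drop call-borne signals.
    trusted = set(req.evidence) - UNTRUSTED_EVIDENCE
    if req.action in SENSITIVE | PRIVILEGED:
        if req.oob_channel is None or req.oob_channel == req.channel:
            reasons.append("confirm on a channel other than the request channel")
        elif not req.oob_contact_on_record:
            reasons.append("confirmation contact must come from the record, not the caller")
    if req.action in PRIVILEGED and "identity_proofing" not in trusted:
        reasons.append("recovery needs identity proofing beyond routine support checks")
    return ("hold" if reasons else "allow", reasons)


if __name__ == "__main__":
    # Constructed sample requests.
    samples = [
        Request("password_reset", "phone", frozenset({"caller_id"})),
        Request("password_reset", "phone", oob_channel="authenticator_app",
                oob_contact_on_record=True),
        Request("account_recovery", "phone", frozenset({"voice_recognised"}),
                "authenticator_app", True),
    ]
    for s in samples:
        print(s.action, s.channel, "->", decide(s))
```
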
