Please Pick Up: Crafting and Executing Successful Vishing Attacks

Jason Puglisi

BSidesSF 2024 · Day 1

This talk, delivered by Jason Puglisi at BSidesSF 2024, covers the art and science of **vishing**, or voice phishing: a form of social engineering that uses phone calls to manipulate individuals into divulging sensitive information or performing actions that compromise security. While vishing is often associated with malicious scams, Puglisi highlights its critical role in ethical hacking and security awareness initiatives, demonstrating how organizations can use these techniques to identify vulnerabilities and strengthen their human security posture.

AI review

This talk provides a solid, actionable breakdown of crafting and executing vishing attacks, grounded in practical OSINT techniques and effective pretexting. The speaker, a DEF CON SE competition winner, demonstrates real-world methods for gathering intelligence and manipulating targets, culminating in a strong argument for technical controls over relying solely on human awareness training. It's a valuable session for anyone looking to understand or defend against this potent social engineering vector.
