Vishing attacks (fraudulent helpdesk phone calls) are becoming much more prevalent in 2025

Vishing refers to an attacker posing as a member of an organization’s helpdesk or another reputable organization in order to convince the called party to grant them access to a system. Typically the process works as follows:

  • After identifying individuals to target, the attacker often runs a phishing campaign to flood each individual’s mailbox with spam

  • The vishing attacker will call or leave a voicemail purporting to have knowledge of the phishing attack and offering assistance

  • The attacker uses convincing information to talk the called party into installing remote access or remote assistance software, thus gaining a foothold in the system

  • The attacker then works behind the scenes to escalate their privileges and gain access to sensitive systems
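From the defender's side, the sequence above leaves a pattern that can be correlated: a mailbox flood followed shortly by a remote access tool starting under the same user. The following is an added example, not code from the original page; the thresholds, event tuples and tool names are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed tuning values and watchlist; none of these come from the original page.
FLOOD_COUNT = 5                       # inbound mails inside FLOOD_WINDOW that count as a flood
FLOOD_WINDOW = timedelta(minutes=10)
FOLLOW_UP = timedelta(hours=4)        # how long after a flood a tool launch is suspicious
REMOTE_TOOLS = {"remote-assist.exe", "remote-desktop-agent.exe"}  # placeholder names

def find_floods(mail_events):
    """mail_events: (timestamp, recipient). Returns {recipient: [flood times]}."""
    recent, floods = defaultdict(deque), defaultdict(list)
    for ts, user in sorted(mail_events):
        q = recent[user]
        q.append(ts)
        while ts - q[0] > FLOOD_WINDOW:   # drop mails that fell out of the window
            q.popleft()
        if len(q) >= FLOOD_COUNT:
            floods[user].append(ts)
            q.clear()                     # start counting again after recording a flood
    return floods

def correlate(mail_events, process_events):
    """process_events: (timestamp, user, host, image). Returns a list of alert dicts."""
    floods = find_floods(mail_events)
    alerts = []
    for ts, user, host, image in sorted(process_events):
        if image.lower() not in REMOTE_TOOLS:
            continue
        prior = [f for f in floods.get(user, []) if timedelta(0) <= ts - f <= FOLLOW_UP]
        if prior:                         # tool started after a flood on the same user
            alerts.append({"user": user, "host": host, "tool": image.lower(),
                           "flood_at": max(prior), "launched_at": ts})
    return alerts

# Constructed sample events (not real logs).
START = datetime(2025, 3, 3, 9, 0)
SAMPLE_MAIL = [(START + timedelta(seconds=30 * i), "alice") for i in range(12)]
SAMPLE_MAIL.append((START + timedelta(minutes=5), "bob"))
SAMPLE_PROC = [
    (START + timedelta(minutes=40), "alice", "WS-101", "remote-assist.exe"),  # after flood
    (START + timedelta(hours=2), "bob", "WS-102", "remote-assist.exe"),       # no flood
    (START + timedelta(minutes=45), "alice", "WS-101", "winword.exe"),        # not watched
]

if __name__ == "__main__":
    for alert in correlate(SAMPLE_MAIL, SAMPLE_PROC):
        print(alert)
```

In practice the watchlist would hold the remote access tools an organization has not approved, and the two event feeds would come from mail gateway and endpoint process logs.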

See additional background information:

FBI / IC3 public service announcement

American Hospital Association

FBI Warning (YouTube video 1:30)

Occasional compliance pen testing is inadequate and only deals with a part of the cybersecurity concern