Vishing: The Latest Phishing Attack Trend

Feb 22, 2023

GoDaddy, an internet domain registrar and web hosting company, recently disclosed that they experienced three cyber attacks in the past three years. Through these attacks, hackers stole GoDaddy source code, employee login info, and sensitive customer account data. They also installed malware on GoDaddy’s servers, which compromised customers’ websites.

One of the methods the attackers used to infiltrate GoDaddy’s systems was Voice Phishing, or “Vishing.” This is an emerging social engineering tactic hackers use to circumvent a company’s Multi-factor Authentication security measures. 

How Hackers Use Vishing to Get Around Multi-factor Authentication 

Multi-factor authentication (MFA) is a common safeguard companies use to prevent security breaches. With MFA, employees must verify their identity using a combination of methods. For instance, in addition to providing their username and password to log into an account, they may also need a single-use code that’s sent as a text message or generated by an authenticator app. MFA stymies a lot of hacking attempts because even if someone obtains an employee’s password, it’s unlikely they’ll also have access to the employee’s phone or authenticator app to retrieve the necessary single-use code. 

Unfortunately, with “vishing,” hackers can get around MFA security measures by tricking an employee to willingly share the single-use code. Often this looks like an attacker calling an employee over the phone, and posing as the company’s IT personnel. They may send the employee a spoofed, yet legitimate-looking, website that asks the employee to enter their login details and one-time code. A second attacker takes that information and uses it to infiltrate the company’s systems. Once the attackers have the credentials they need, they pull down the spoofed site. 

Universal 2nd Factor Devices Can Prevent Vishing 

Universal 2nd Factor (U2F) is one MFA option that isn’t vulnerable to vishing attempts. Instead of manually entering a one-time code, employees use a small device that plugs into their computer’s USB port to trigger a digital security key. According to KrebsonSecruity, with U2F devices, “even if an employee who has enrolled a security key for authentication tries to log in at an impostor site, the company’s systems simply refuse to request the security key if the user isn’t on their employer’s legitimate website, and the login attempt fails.” 

Read on to learn more about how attackers used vishing to compromise GoDaddy’s systems and how U2F devices can help prevent these kinds of attacks.

All Businesses Must Proactively Protect Themselves

When it comes to cyber security, the rules of the game are constantly changing and evolving. Hackers relentlessly adapt their methods and approaches in an effort to breach companies’ systems.

Deborah Dioguardi, Jencap Professional Lines National Practice Leader and cyber insurance expert explains: “Vishing is just another way cyber criminals exploit companies to gain a profit. Although companies are doubling down on security measures, cyber criminals will keep finding ways around them. No matter their company’s size, business owners need to realize they are not immune to a phishing attack.” 

“Companies can be proactive by hiring internal specialists or partnering with firms that are well versed in cyber security,” says Dioguardi. “It’s vital to educate employees on how to identify different types of phishing attacks, and what to do if they suspect a phishing attempt.” 

At Jencap, our expert brokers keep an eye on emerging cyber security insurance trends, so you and your clients can guard against cyber attacks and recover in the event of a breach. Contact Jencap today to speak to one of our cyber experts.

The Jencap Professional Lines Insurance Team

The Jencap Professional Lines Insurance Team

Whether it’s professional, management, or cyber liability, Jencap’s experienced brokers stay on top of industry trends and one step ahead of the competition, so they can offer the best guidance to you and your clients. Armed with decades of experience, Jencap’s dedicated professional lines team works tirelessly to navigate difficult risk placements, strict security control requirements, ever-changing market capacity, and unpredictable rate fluctuations.
Cyber security | Phishing | Vishing attack



Jencap Professional Lines Insurance

Navigating the New Frontiers
of Professional Lines Insurance

From EPLI to Cyber, partnering with an expert professional lines broker makes the rough road much smoother. We live in a world where risks evolve rapidly, especially for businesses. Jencap’s specialized brokers share the six biggest challenges facing the Professional Lines industry today.





Over the past few years, companies have faced a myriad of business risks — cost-cutting layoffs, supply-chain disruptions, sexual misconduct allegations, social inflation, cyber threats, and more. In our increasingly litigious society, it’s never been more important for businesses to ensure they’re protected. It’s also never been more challenging to secure reasonably-priced, comprehensive professional liability coverage. By partnering with a strong wholesale broker who focuses exclusively on professional lines, you and your clients will have the advantage, even in a hard mark.

Stay Informed

Want to receive information from Jencap on timely marketplace trends, hot new product and program launches, and valuable product expertise that will set you up to win? Sign up below to receive email communications from Jencap.

This field is for validation purposes and should be left unchanged.