What is IVR or phone phishing?

Last Updated: Dec 20, 2012 03:56PM CET

This is a social engineering technique that uses a rogue interactive voice response (IVR) system to recreate a legitimate-sounding copy of an organization's IVR system.

The victim is invited, typically via a phishing e-mail, to call in to the "organization" to "verify" information. A typical system continually rejects login attempts to force the victim to enter several PINs or passwords, which at the same time discloses them to the attacker. More advanced systems transfer the victim to the attacker who poses as a customer service agent for further questioning.

Phone phishing is also called vishing.